It has been discovered that the extension mm_forum is vulnerable to multiple SQL Injection attacks and multiple XSS flaws alongside other vulnerabilities.
We also recommend that you subscribe to the TYPO3 Announce List, which is a low-traffic list, where only important announces like this one is being brought.