The mm_forum extension up to and including 1.9.5 for TYPO3 allows XSS that can be exploited via CSRF.
mm forum project mm forum