Secure Network releases the security advisory SN-15-01 for multiple vulnerabilities found in JForum.

SN-15-01: multiple vulnerabilities have been identified in JForum version 2.1.9 stable and its unofficial updated version 2.3.5, ranging from high-impact issues like Stored Cross-Site Scripting (XSS) and Remote Code Execution (RCE) to lower-impact ones like missing security flag for session cookie. Older versions may also be vulnerable.

Source URL:
https://www.securenetwork.it/en/research/advisories/2015/02/sn-15-01/

Please update to JForum version 2.4.0 or later.