JaxUltraBB versions 2.0 and below suffer from local file inclusion and cross site scripting vulnerabilities.