Security issue – Related Topics
Hi, got CjForum a while back. I have set up new user groups to filter out different sections of the forum. Yesterday a user of my forum found a way to see information from other sections through Chrome inspector. By visiting a topic in the allowed section he found "Related topics" further down. First of all, topics made in non-allowed sections were shown to the user in this list, which is a security issue. The user could not access the topic by clicking the topic link; he received an error page with the message "You are not allowed to view this resource". All good here.
But by entering Chrome inspector he could find the HTML table for Related Topics, and for some reason the title="" contained the whole post output (in this case the admin password to a server).
By entering a member profile it seems the title output is as it should be (topic title and not the post) on both Topics and Discussions.
EDIT: It is also possible to log out and enter Advanced Search>All Categories.
All topics, restricted or not, show up, and through Chrome inspector you can view the topic title, reading the post output.
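
An added example, not part of the original post and not CjForum code: a regression check a forum operator could run over the HTML served to a restricted or logged-out session. It flags topic links outside the session's allowed set and links whose `title` attribute differs from the visible link text, the two symptoms reported above. The markup, the `id=` URL pattern and the topic ids are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

class LinkAudit(HTMLParser):
    """Collect href, title attribute and visible text of every <a> element."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._cur = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            a = dict(attrs)
            self._cur = {"href": a.get("href") or "", "title": a.get("title"), "text": ""}

    def handle_data(self, data):
        if self._cur is not None:
            self._cur["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(self._cur)
            self._cur = None

def audit(html, allowed_topic_ids):
    """Return (topic_id, finding) pairs for a page rendered for a restricted session."""
    parser = LinkAudit()
    parser.feed(html)
    findings = []
    for link in parser.links:
        m = re.search(r"[?&]id=(\d+)", link["href"])  # assumed URL pattern
        if m is None:
            continue
        topic_id = int(m.group(1))
        # The list itself must be filtered server-side, not only the topic page.
        if topic_id not in allowed_topic_ids:
            findings.append((topic_id, "listed-but-not-authorised"))
        # Content hidden in attributes is still delivered to the client.
        if link["title"] is not None and link["title"].strip() != link["text"].strip():
            findings.append((topic_id, "title-attribute-differs-from-link-text"))
    return findings

# Constructed sample of what a restricted user might be served (hypothetical markup).
SAMPLE = """
<table class="related-topics">
<tr><td><a href="/forum/topic?id=12" title="Opening hours">Opening hours</a></td></tr>
<tr><td><a href="/forum/topic?id=77" title="Body text of a restricted post">Server notes</a></td></tr>
</table>
"""
```

Calling `audit(SAMPLE, allowed_topic_ids={12})` reports both findings for topic 77; the same check applies to the Advanced Search results page fetched without a session.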