B2Evolution · CVE-2007-0175
**Name of the Vulnerable Software and Affected Versions**
b2evolution version 1.8.6
**Description**
A cross-site scripting (XSS) vulnerability in htsrv/login.php allows remote attackers to inject arbitrary web script or HTML via scriptable attributes in the `redirect_to` parameter.
**Recommendations**
For version 1.8.6, consider restricting access to htsrv/login.php until a patch is available, and avoid using scriptable attributes in the `redirect_to` parameter to minimize the risk of exploitation.
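
The following is an added example, not b2evolution code or its patch: one way to handle a `redirect_to` value so that it cannot carry scriptable attributes, by accepting only site-relative paths and encoding the value on output. It assumes the value is reflected into a double-quoted HTML attribute; the function names, the hidden field and the sample inputs are hypothetical.

```php
<?php
// Added example: not b2evolution code. Function names, the default target
// and the hidden field are hypothetical.

/** Return $raw if it is a plain site-relative path, otherwise $default. */
function safe_redirect_target(string $raw, string $default = '/'): string
{
    // Reject control characters and anything that could close an HTML
    // attribute or start a tag, before any further parsing.
    if ($raw === '' || preg_match('/[\x00-\x1F\x7F"\'<>`\\\\]/', $raw)) {
        return $default;
    }
    // Exactly one leading slash: "//host" is a protocol-relative URL.
    if ($raw[0] !== '/' || (isset($raw[1]) && $raw[1] === '/')) {
        return $default;
    }
    $parts = parse_url($raw);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $default;
    }
    return $raw;
}

/**
 * Emit the value inside a double-quoted attribute. ENT_QUOTES encodes both
 * quote characters, so the value cannot end the attribute and add an
 * event-handler attribute of its own.
 */
function redirect_hidden_field(string $raw): string
{
    $value = htmlspecialchars(safe_redirect_target($raw), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="redirect_to" value="' . $value . '" />';
}

// Constructed sample inputs (not taken from the advisory).
$samples = [
    '/blog/index.php?p=12',   // kept: site-relative path
    '/x" onmouseover="1',     // replaced: quote would start a new attribute
    '//example.test/path',    // replaced: protocol-relative URL
    'javascript:void(0)',     // replaced: not a site-relative path
];
foreach ($samples as $s) {
    echo redirect_hidden_field($s), PHP_EOL;
}
```

Validation and output encoding are applied together on purpose: the allowlist limits where the redirect can point, and the encoding keeps the value inert in the attribute even if the validation rules are later relaxed.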