Yurabakhtin

**Name of the Vulnerable Software and Affected Versions** b2evolution version 6.7.6 **Description** The issue is related to an Object Injection in the /htsrv/call plugin.php endpoint. **Recommendations** For version 6.7.6, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** b2evolution versions 6.7.5 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function. **Recommendations** For versions 6.7.5 and earlier, update to a version later than 6.7.5 to resolve the issue.