Cross site scripting
Cross-site scripting XSS vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the 1 username and 2 password parameters, which are not sanitized before being written to users.php. NOTE: while this issue...