Ems · Ems Master Calendar · CVE-2018-11628
**Name of the Vulnerable Software and Affected Versions**
EMS Master Calendar versions prior to 8.0.0.201805210
**Description**
The issue arises from improper sanitization of data input into the EMS Master Calendar via URL parameters, allowing malicious attackers to craft a URL that can lead to XSS.
**Recommendations**
For versions prior to 8.0.0.201805210, update to version 8.0.0.201805210 or later to resolve the issue. As a temporary workaround, consider restricting access to URL parameters to minimize the risk of exploitation.