PT-2025-43256 · Webjunk · Calendar Plus

Published: 2025-10-22 · Updated: 2025-11-18 · CVE-2025-53350

CVSS v3.1: 7.1 High

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

webjunk Calendar Plus versions through 1.2.4

Description

The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a potential Reflected Cross-site Scripting (XSS) condition. This allows an attacker to inject malicious scripts into web pages viewed by other users. The vulnerability exists because the application does not adequately sanitize or encode user input before including it in the generated HTML output. This can allow an attacker to execute arbitrary JavaScript code in the context of a victim's browser. The vulnerable component is susceptible to attacks where a crafted URL containing malicious code is sent to a user. When the user clicks on the link, the malicious script is executed.

Recommendations

Update webjunk Calendar Plus to a version later than 1.2.4.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-53350

Affected Products

Calendar Plus