CVE-2026-0868

Name of the Vulnerable Software and Affected Versions EMC – Easily Embed Calendly Scheduling Features versions prior to 4.5

Description Stored Cross-Site Scripting occurs via the calendly shortcode due to insufficient input sanitization and output escaping on user supplied attributes. Authenticated attackers with contributor-level access and above can inject arbitrary web scripts into pages, which execute when a user accesses the affected page.

Recommendations Update to a version later than 4.4.