CVE-2018-11628

Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS.

Date published : 2018-06-01

http://www.securityfocus.com/bid/104428

https://www.exploit-db.com/exploits/44831/