PHP-Calendar versions 2.0 Beta6 and below suffers from a cross site scripting vulnerability.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/89797/phpcalendar-xss.txt
Source: https://packetstormsecurity.com/files/89797/PHP-Calendar-Cross-Site-Scripting.html