Cross-Site Scripting Vulnerability in ICS Calendar by Room 34 Creative Services, LLC
CVE-2026-59516
7.1HIGH
What is CVE-2026-59516?
The ICS Calendar plugin by Room 34 Creative Services, LLC contains a Cross-Site Scripting vulnerability that allows attackers to execute arbitrary JavaScript in the context of a victim's session. This occurs due to improper neutralization of user input when generating web pages, particularly impacting users with versions up to 12.1.1. Attackers can exploit this vulnerability to manipulate web content, potentially leading to session hijacking or data theft. Maintaining updated versions is crucial to mitigate associated risks.
Affected Version(s)
ICS Calendar 0 <= 12.1.1