Calendar Express Multiple Flaws

The remote web server contains a PHP script which is vulnerable to a cross site scripting and SQL injection vulnerability. Description : The remote host is using Calendar Express, a PHP web calendar. A vulnerability exists in this version which may allow an attacker to execute arbitrary HTML and script code in the context of the user's browser, and SQL injection. An attacker may exploit these flaws to use the remote host to perform attacks against third-party users, or to execute arbitrary SQL statements on the remote SQL database.
Upgrade to the latest version of this software.