WebCalendar is a PHP application for maintaining calendars for individual users or groups of Intranet users. It can also be configured as an event calendar. WebCalendar v1.3.0 suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the /WebCalendarvqsmnseug2/edit_entry.php component, which can be exploited by an attacker to execute arbitrary web script or HTML by injecting a carefully crafted payload.