baremetrics-calendar is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because Calendar.js does not properly sanitize the placeholder field when creating a Calendar instance, which allows an attacker to inject and execute malicious JavaScript.
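
One way to neutralize an untrusted placeholder before it reaches the Calendar constructor, shown as an added example that is not code from baremetrics-calendar. The names escapeHtml, hardenCalendarOptions and renderUnsafe are hypothetical, renderUnsafe is a stand-in that assumes the placeholder is concatenated into markup, and the sample input is constructed.

```javascript
// Added example, not code from baremetrics-calendar. All names are hypothetical.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

// Encode every character that can end an attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Return a copy of the options with the placeholder encoded.
// The caller's object is left untouched; other options pass through as-is.
function hardenCalendarOptions(options) {
  const hardened = Object.assign({}, options);
  if (hardened.placeholder !== undefined && hardened.placeholder !== null) {
    hardened.placeholder = escapeHtml(hardened.placeholder);
  }
  return hardened;
}

// Stand-in for a widget that builds markup by string concatenation.
// ASSUMPTION: the advisory does not show how Calendar.js renders the field.
function renderUnsafe(options) {
  return '<input class="date-input" placeholder="' + options.placeholder + '">';
}

// Constructed sample: harmless markup that breaks out of the attribute value.
const untrusted = '"><b>injected</b>';

// Render the same value with and without hardening for comparison.
function demo() {
  return {
    raw: renderUnsafe({ placeholder: untrusted }),
    hardened: renderUnsafe(hardenCalendarOptions({ placeholder: untrusted })),
  };
}

console.log(demo());
```

Encoding at the call site suits a widget that inserts the value as markup; if the value is rendered as plain text instead, the entities will display literally.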