xF1 Add-on Calendar 6.1

A security issue has been identified in earlier versions of this add-on. The issue allows a cross site scripting (XSS) attack to potentially be triggered via a specially crafted username. XSS issues may allow an attacker to steal data (including cookies) or force a user to take actions without their consent or knowledge (possibly including administrative actions).

I strongly recommend all users to upgrade to the latest version of Calendar v6.1 to resolve the issue as soon as possible.

Calendar v6.0 changes:

New improved way of adding recurring events. Updated User Group Permission for thread_view calendar link.

Calendar v5.9 changes:

Updated PHP code.

Calendar v5.8 changes:

Calendar date block in sidebar improvements made.

Calendar v5.6 changes:

Fixed minor issue with Daylight Savings Time.

Calendar v5.5 changes:

Updated andy_calendar.css template.

Calendar v5.4 changes:

Added Previous Month and Next Month buttons to Calendar page.

Calendar v5.3 changes:

Removed title when hovering over Calendar link in thread_list_item.

Calendar v5.2 changes:

Added Easter to Holiday file.