It was reported [1],[2] that WebCalendar suffers from a stored XSS flaw in the location variable. There is currently no fix available. [1] http://sourceforge.net/tracker/?func=detail&aid=3472745&group_id=3870&atid=103870 [2] http://seclists.org/bugtraq/2012/Jan/128
WebCalendar-1.2.4-3.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
WebCalendar-1.2.4-3.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.