Closed
Description
Hi,
You have a html injection in field "url" from the external calendar. You only need to edit the url parameter like: http://">< h1>injection< /h1> to see the html injection.
Regards
I see others fields like the bank name that is suceptible to html injection because all fields are not correctly parsed to avoid this issue:

