An issue exists in Eventum 3.5.0. htdocs/ajax/update.php has XSS via the field_name parameter.
eventum project eventum