There is a Cross Site Scripting (XSS) vulnerability in "cid" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3.
phpjabbers time slots booking calendar 3.3