Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List.
phpjabbers time slots booking calendar 4.0