DAViCal CalDAV Server versions 1.1.8 and below suffer from a cross site request forgery vulnerability.