A security issue has been identified in earlier versions of this add-on. The issue allows a cross site scripting (XSS) attack to potentially be triggered via a specially crafted username. XSS issues may allow an attacker to steal data (including cookies) or force a user to take actions without their consent or knowledge (possibly including administrative actions).
I strongly recommend all users to upgrade to the latest version of Calendar v6.1 to resolve the issue as soon as possible.