CVE 2012-4397
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecale
See the
CVE page on Mitre.org
for more details.