This indicates an attempt to exploit a cross site scripting (XSS) vulnerability in the ACal Calendar Project.
The vulnerability is due to an error in the "login.php" script. The script relies on the "ACalAuthenticate" cookie parameter to determine if a user has been successfully authenticated. This can be exploited by remote attackers to bypass the authentication process and gain unauthorized access to the application, by setting the "ACalAuthenticate" parameter to "inside".
ACal Project 2.2.5
Upgrade to the latest version of ACal Project (2.2.6 or later):