This indicates an attempt to exploit a cross site scripting (XSS) vulnerability in ActiveCalendar.
The vulnerability is due to input validation errors in various scripts (e.g. "data/flatevents.php") when processing the "css" parameter. It can be exploited by attackers to cause malicious scripting code to be executed by the user's browser.
Active Calendar 1.2.0
System Compromise: remote script execution.
Apply the latest update from the vendor: