Website : http://www.calendarix.com 

Vulnerable : 

if (!isset($_GET['ycyear']))
  $ycyear = $y ;
else
  $ycyear = $_GET['ycyear'];

http://www.site.com/[path]/yearcal.php?ycyear=