The popular calendar plugin Events Manager was reported as containing a Cross-Site Scripting vulnerability, which turned out to be a false positive (no such vulnerability). Several vulnerability reporting sites are still listing it as vulnerable, and if you have it installed you may have been notified.
However, it is not an actual problem and you can safely continue using version 5.9.8.1 or later.