Cybozu Garoon is a portal-based OA office system from Cybozu Japan. A cross-site scripting vulnerability exists in some of the email functions in Cybozu Garoon. An attacker can use this vulnerability to execute arbitrary scripts on a logged-in userβs Web browser.