Cybozu Garoon is a portal-based OA office system from Cybozu Japan. The system provides portal, E-mail, bookmarks, scheduling, bulletin board, document management, etc. A cross-site scripting vulnerability exists in Cybozu Garoon, which stems from insufficient cleaning of user-supplied data in organizational information. An attacker could use the vulnerability to trick victims into following specially crafted links and executing arbitrary HTML and script code in the context of a vulnerable website in the userβs browser.