Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon prior to 4.2.2.
cybozu garoon