Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon prior to 4.2.2.
cybozu garoon