Bttthuan

**Name of the Vulnerable Software and Affected Versions** Cybozu Garoon versions 5.0.0 through 5.15.2 **Description** A cross-site scripting issue allows a remote authenticated attacker with administrative privileges to inject an arbitrary script into the web browser of a user logging into the product. This can be exploited by injecting malicious scripts, potentially leading to unauthorized actions on behalf of the user. **Recommendations** For Cybozu Garoon versions 5.0.0 through 5.15.2, update to a version that includes a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting administrative access to trusted users only until a patch is available.