Dzzoffice is an open source office suite for enterprises and teams to build their own enterprise collaboration platform similar to βGoogle Enterprise Application Suiteβ and βMicrosoft Office 365β. Version 2.02.1 is vulnerable to a stored cross-site scripting vulnerability. An attacker can use the settingnew parameter to inject malicious code.