Cybozu Garoon is a portal-based OA office system from Cybozu Japan. A cross-site scripting vulnerability exists in Cybozu Garoon, which is caused by a failure to adequately clean user-supplied data in the scheduler. An attacker could exploit the vulnerability to execute JavaScript code on the client side.