DzzOffice is a platform that provides online collaborative office suite functionality from the American company Big Desk (DzzOffice). The platform can be used to provide online documents, forms, webstores, presentations and other features. A cross-site scripting vulnerability exists in dzzoffice version 2.02.1 SC UTF8, which stems from the lack of effective filtering and escaping of user-supplied data by the application, and can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload.