CVE-2016-4865by Jeremyin Security Bulletinson Posted on April 17, 2017 Cross-site scripting (XSS) vulnerability in the “Customapp” function in Cybozu Office 9.0.0 through 10.4.0.