CVE-2016-1216by Jeremyin Security Bulletinson Posted on April 20, 2017 Cross-site scripting (XSS) vulnerability in the “New appointment” function in Cybozu Garoon before 4.2.2.