Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.
packetstormsecurity.com/files/156050/ZOHO-ManageEngine-ServiceDeskPlus-11.0-Build-11007-Cross-Site-Scripting.html
seclists.org/fulldisclosure/2020/Jan/32
sec-consult.com/en/vulnerability-lab/advisories/index.html
seclists.org/bugtraq/2020/Jan/34
www.manageengine.com/products/service-desk/readme.html#11010%20-%20SD-83959