Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report.
https://www.manageengine.com/products/desktop-central/download.html
https://www.esecforte.com/manage-engine-desktopcentral-india-html-injection-vulnerability/