Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.
https://www.manageengine.com/products/service-desk/readme.html#11010%20-%20SD-83959
https://seclists.org/bugtraq/2020/Jan/34
https://sec-consult.com/en/vulnerability-lab/advisories/index.html