JavaScript in Email-generated Tickets

Is there a weakness in ServiceDesk Plus’s handling of JavaScript in e-mail-generated tickets?

You can sneak script into the subject line of e-mails sent to ServiceDesk Plus.

The script will not be shown to the user and it will be executed when the ticket is displayed.

The script can be seen in the request list if the sender doesn’t put enough filler before the start of the script.

Has anyone experienced this? What's the resolution?

There is a fear a team member of mine has that this could be turned into spambots by Trojan horse-laden e-mail tickets that get read by admins, much like with the e-mail Trojans of the late 90s.

Please provide insight & details.
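The general defence against the behaviour described in the post above, shown as an added example that is not part of the original post and is not ServiceDesk Plus code: decode the inbound Subject header first, then HTML-escape it at every place it is rendered, including the truncated list column. All function names, addresses and sample subjects are constructed for illustration.

```python
import base64
import html
import re
from email import message_from_string, policy

PAYLOAD = "<script>alert(1)</script>"  # constructed, harmless marker
# Constructed subjects: filler pushes the markup out of a truncated list
# column; the second carries it inside an RFC 2047 encoded-word.
PADDED = "Printer offline on 3rd floor" + " ." * 20 + " " + PAYLOAD
ENCODED = "Ticket =?utf-8?b?%s?=" % base64.b64encode(PAYLOAD.encode()).decode()

MARKUP_RE = re.compile(r"<\s*/?\s*[a-z][^>]*>|\bon\w+\s*=|javascript:", re.I)

def raw_email(subject):
    """Build a minimal constructed message carrying the given Subject."""
    return ("From: user@example.com\nTo: helpdesk@example.com\n"
            "Subject: %s\n\nBody text.\n" % subject)

def subject_of(raw):
    """Return the Subject with encoded-words decoded, as a UI would show it."""
    msg = message_from_string(raw, policy=policy.default)
    return str(msg["Subject"] or "")

def looks_like_markup(subject):
    """Flag subjects with tags, inline handlers or javascript: URLs."""
    return bool(MARKUP_RE.search(subject))

def render_list_cell(subject, width=40):
    """Truncate first, then escape, so no entity is cut in half."""
    shown = subject if len(subject) <= width else subject[:width] + "..."
    return '<td title="%s">%s</td>' % (html.escape(subject), html.escape(shown))

def render_detail(subject):
    """Escape the full subject for the ticket detail view."""
    return "<h1>%s</h1>" % html.escape(subject)

if __name__ == "__main__":
    for s in (PADDED, ENCODED):
        subj = subject_of(raw_email(s))
        print(looks_like_markup(subj), render_list_cell(subj), render_detail(subj))
```

The markup check is only a triage signal for logging or review and must run on the decoded subject; the escaping in the render functions is what prevents execution.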
 
 
