Possible JavaScript issue

Our developer may have found a possible issue.  Please advise...
 

There is a weakness in ServiceDesk Plus’s handling of JavaScript in e-mail-generated tickets.

You can sneak script into the subject line of e-mails sent to ServiceDesk Plus:
(see screenshot labeled - Txt in Sbjct scrnshot)
 

The script will not be shown to the user and it will be executed when the ticket is displayed:

(see screenshot labeled - Test test test)
 
The script can be seen in the request list if the sender doesn’t put enough filler before the start of the script:
(see Testing script scrnsht)
 
Let me know what can be done about this.
 
Thanks,
S
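
The behaviour reported above is markup in an e-mail subject reaching the ticket view and request list unencoded. The following is an added example, not part of the original post and not ServiceDesk Plus code: a Python sketch of the mitigation, treating the decoded subject as plain text and encoding it at output time. The function names and sample messages are hypothetical and constructed for illustration.

```python
import base64
import html
from email import message_from_bytes
from email.policy import default

MARKUP = b"<script>alert(1)</script>"  # constructed, harmless sample

# Constructed messages: markup after filler, and markup hidden in an
# RFC 2047 encoded-word that the mail parser decodes back to text.
PLAIN = (b"From: user@example.com\r\nSubject: Printer broken "
         + b"-" * 60 + MARKUP + b"\r\n\r\nbody\r\n")
ENCODED = (b"From: user@example.com\r\nSubject: =?utf-8?b?"
           + base64.b64encode(MARKUP) + b"?=\r\n\r\nbody\r\n")


def subject_of(raw: bytes) -> str:
    """Return the decoded Subject header as untrusted plain text."""
    msg = message_from_bytes(raw, policy=default)
    return str(msg["Subject"] or "")


def ticket_title_html(subject: str) -> str:
    """Encode for an HTML text/attribute context at output time."""
    return html.escape(subject, quote=True)


def list_cell_html(subject: str, max_len: int = 40) -> str:
    """Truncate the raw text first, then encode, so no entity is cut in half."""
    shown = subject if len(subject) <= max_len else subject[:max_len] + "…"
    return html.escape(shown, quote=True)


if __name__ == "__main__":
    for raw in (PLAIN, ENCODED):
        s = subject_of(raw)
        print(ticket_title_html(s))
        print(list_cell_html(s))
```

Encoding at render time rather than filtering on ingest covers the encoded-word case too, because the subject is only decoded to text after the mail is parsed.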
 
 
 
