An issue exists in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field.
zohocorp manageengine servicedesk plus 10.5