Zoho ManageEngine SupportCenter Plus prior to 11016 is vulnerable to Reflected XSS in the Products module.
zohocorp manageengine supportcenter plus 11.0