HTML Injection via comment/short description fields
We discussed this at a meeting. It is possible to insert HTML code into the comment and short description fields which then gets interpreted on the MISCOMP web forms.
I think simply changing every double-quote (") to a single-quote (') might 'fix' the issue.
This is LOW priority, as I just discovered that the existing MISCOMP web forms have the same problem!