Symptoms
If JavaScript is pasted into the 'SN' parameter of a SmartForm URL, it is executed when the form loads (a reflected cross-site scripting issue). For example, a URL like:
https://SomeUrl/Runtime/Runtime/Form/SomeForm/?SN=%3Cscript%3Ealert%28%22hi%22%29%3C/script%3E
Diagnoses
The issue was logged as a bug.
Resolution
The issue was corrected in SmartForms rollup 4611.21.
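To check web server logs for requests like the one under Symptoms, the following added example (not part of the original article or the product) flags any 'SN' value that is not a plain identifier once percent-encoding is undone. It assumes legitimate SN values contain only digits and underscores and that the log uses the common access-log request format; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: a legitimate SN value contains only digits and underscores.
# Adjust SAFE_SN to the values your forms actually receive.
SAFE_SN = re.compile(r"^[0-9_]+$")
# Assumption: the request appears as "METHOD URL HTTP/x.y" in each log line.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /Runtime/Runtime/Form/SomeForm/?SN=123_45 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /Runtime/Runtime/Form/SomeForm/?SN=%3Cscript%3Ealert%28%22hi%22%29%3C/script%3E HTTP/1.1" 200 5200',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /Runtime/Runtime/Form/SomeForm/?sn=%253Cscript%253E HTTP/1.1" 200 5200',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_sn(url):
    """Return the decoded SN value if it fails SAFE_SN, otherwise None."""
    for name, value in parse_qsl(urlsplit(url).query):
        if name.lower() == "sn":
            decoded = fully_decode(value)  # parse_qsl already decoded once
            if not SAFE_SN.match(decoded):
                return decoded
    return None

def scan(lines):
    """Return (line_number, decoded_SN) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            bad = suspicious_sn(match.group(1))
            if bad is not None:
                hits.append((number, bad))
    return hits

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: unexpected SN value {value!r}")
```

Hits in the logs of a server that has not yet received the rollup show which form URLs were requested with markup in 'SN'.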