Subscribe by Email cross-site scripting vulnerability

Hi - Our security team has raised an alert in regard to this SBE code:

<div class="sbe-widget-form-field-title">Email address</div>
<input type="email" class="sbe-widget-form-field sbe-widget-email-field sbe-form-field" name="subscription-email" placeholder="ex: someone@mydomain.com" value="winter@example.comkp4tp\"><script>alert(XSS)</script>jlu01">

"RECOMMENDATIONS"
"The issue occurs because the browser interprets the input as active HTML, JavaScript or VBScript. To avoid this, output should be encoded according to the output location and context. For example, if the output goes into a JavaScript block within the HTML document, then output needs to be encoded accordingly."

Could you please take a look at this issue and see whether a patch to the Subscribe by Email plugin is indicated?

Thanks!
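
Added example, not part of the original post and not the Subscribe by Email plugin's own code: the reflected `value` attribute from the alert, rendered once verbatim and once encoded for the HTML attribute context, as the quoted recommendation asks. The function names are hypothetical and the block uses plain PHP `htmlspecialchars()`; inside WordPress, `esc_attr()` is the escaper for this context.

```php
<?php
// Hypothetical helpers for illustration; not taken from the plugin.

// Pattern flagged in the alert: the submitted value is concatenated
// into value="..." with no encoding, so a double quote ends the attribute.
function render_email_field_unsafe(string $submitted): string {
    return '<input type="email" name="subscription-email" value="'
        . $submitted . '">';
}

// Attribute-context encoding: ENT_QUOTES encodes both " and ', and
// < > & are encoded too, so the value cannot leave the attribute.
function render_email_field_safe(string $submitted): string {
    $encoded = htmlspecialchars($submitted, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="email" name="subscription-email" value="'
        . $encoded . '">';
}

// Input validation as a second layer: decide whether to act on the
// address at all. It does not replace encoding at output time.
function is_acceptable_email(string $submitted): bool {
    return filter_var(trim($submitted), FILTER_VALIDATE_EMAIL) !== false;
}

// True if the rendered HTML contains an unencoded <script> tag.
function has_raw_script_tag(string $html): bool {
    return stripos($html, '<script') !== false;
}

// Value copied from the scanner output quoted in the post.
$probe = 'winter@example.comkp4tp\"><script>alert(XSS)</script>jlu01';

$unsafe = render_email_field_unsafe($probe);
$safe   = render_email_field_safe($probe);

echo "unsafe: $unsafe\n";
echo "safe:   $safe\n";
echo 'raw <script> in unsafe output: '
    . (has_raw_script_tag($unsafe) ? 'yes' : 'no') . "\n";
echo 'raw <script> in safe output:   '
    . (has_raw_script_tag($safe) ? 'yes' : 'no') . "\n";
echo 'accepted as an email address:  '
    . (is_acceptable_email($probe) ? 'yes' : 'no') . "\n";
```

The encoded form still shows the visitor exactly what they typed when the form is redisplayed, which is why encoding at output is the fix and validation only decides whether the address is used.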