There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php.
dolibarr dolibarr erp\\/crm 10.0.2