An HTML injection vulnerability exists in the Note field of Dolibarr ERP/CRM 10.0.2, via user/note.php.
Affected: vendor dolibarr, product dolibarr erp/crm, version 10.0.2