XSS vulnerability within the CRM
An authenticated user can create an organization with the name:

<img src=x onerror="alert('XSS');"

After the new organization is saved, the malicious code runs in the browser of every user who accesses the organizations tab and has the "Recently Modified" widget open (the default).
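
The fix on the rendering side is to HTML-encode the organization name wherever the widget writes it into the page. The following is an added example, not the CRM's own code: the function names, the list markup and the sample records are assumptions made for illustration.

```javascript
// Added example: function names and markup are hypothetical, not the CRM's code.

// Constructed sample data; the second name is the payload from the report.
const organizations = [
  { id: 1, name: "Acme & Sons" },
  { id: 2, name: `<img src=x onerror="alert('XSS');"` },
];

// Before: the stored name is concatenated into the markup unchanged, so the
// browser parses it as an element. The payload has no closing ">", but the
// ">" of the "</a>" that follows it completes the tag.
function renderRecentlyModifiedUnsafe(orgs) {
  return orgs
    .map((o) => `<li><a href="/organizations/${o.id}">${o.name}</a></li>`)
    .join("\n");
}

// Encode the characters that are significant in HTML text and in quoted
// attribute values. "&" is replaced first so the entities produced by the
// later replacements are not encoded a second time.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// After: the name is encoded at output time, so it is displayed as text
// whatever was stored. The id is URL-encoded because it lands in a URL path.
function renderRecentlyModifiedSafe(orgs) {
  return orgs
    .map((o) => {
      const href = `/organizations/${encodeURIComponent(o.id)}`;
      return `<li><a href="${href}">${escapeHtml(o.name)}</a></li>`;
    })
    .join("\n");
}

console.log(renderRecentlyModifiedUnsafe(organizations));
console.log(renderRecentlyModifiedSafe(organizations));
```

Encoding at output time also neutralizes names that were saved before the fix, which input validation on the create form alone would not.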