ERP has a stored XSS vulnerability

### Vulnerability Reproduction
Log in to the backend, the notes in the form in the first four function points can cause xss, payload: <script>alert('xss')</script>, and finally click Save to successfully pop up the window.

![Image](https://github.com/user-attachments/assets/e58d6f00-7415-40a9-a27c-0c4b5ddc9a77)