The Hologram SIM names are not escaped for HTML tags when loaded onto the page, eg. if you change the name of a sim to:
<img src=x onerror=alert('X')>xx
It will display a javascript popup message. Though not really exploitable, it could lead to unwanted side effects etc. if performed in an organisational account. This may be present amongst other forms on the site as well.