Use following command

<script>window.alert("hallo")</script>

Following input fields are affected
Cockpit:
Process Instance View: User Task Assignee
Process Instance View: Add string variable with name <script>window.alert("hallo")</script> in the instance modification menu. Subsequently go to variables tab and change the variable type to object. This can also be done by other users --> XSS

Admin:
Create new User Menu: User Id*
Create new Groups Menu: Group Id*