New Relic: Stored XSS Via NRQL chartbuilder JSON view

I've found another stored XSS that can affect other users through the JSON chart type in one.newrelic.com Steps to Reproduce: 2. Navigate to the chart builder in one.newrelic.com 3. Within the chart builder, perform the following NRQL query: SELECT “ "' Style=position FROM SyntheticCheck 4. Paylo...

New Relic: (Prerelease UI) Stored XSS via role name in JSON chart

When ████████ is released to the public, and you aren't someone like me who has to hack their way around to get access to it see: 520623 there will be a stored XSS in the chart builder section because of unsanitization of the role name when it is displayed as JSON within the chart visualization...