2 matches found
New Relic: Stored XSS via malicious key value of Synthetics monitor tag when visiting an Insights dashboard with filtering enabled
Introduction & Context: This is a complex XSS that requires multiple steps in order to set up. It also requires you to have a good understanding of both New Relic Insights, New Relic Synthetics monitors, and the NerdGraph API explorer. Background Context: New Relic Synthetics and the history of tag...
New Relic: Restricted user can manage the NerdGraph entities' tags
Hey team, I've found that the Restricted user can manage the NerdGraph entities' tags: - create new ones; - edit and/or remove current ones. It seems that the tags are supposed to be used internally by account administration and unauthorized removing of them can cause some issues. Thus, this repo...