New Relic: Stored XSS at APM transaction map (transactionName field)
Hey team, you've recently fixed my previous report about the transaction map stored XSS 549084 and the fix is correct; I wasn't successful in finding a bypass. But I've discovered another vulnerable transaction map field, transactionName. An attacker can inject a payload inside this field and then,...
New Relic: Stored XSS firing at transaction map (applicationName field)
Hey team, I have discovered a stored XSS vulnerability which is triggered at the transaction map. The transaction map is retrieved via a GET request to a URL like https://rpm.newrelic.com/accounts/2319495/applications/143826822/transactions/2877762416/transactionmap. The response contains the...