Dorina Timbur also reported this more recently. Quoting from the duplicate bug:
"As part of a penetration test done by a third party on a customer environment, it was found that by adding JavaScript into the ‘Subnet Name’ field, the JavaScript would trigger when adding the network to an instance and then loading a network trunk. The user needs permissions to create a network and edit an instance for this to trigger. See attached screenshots for more details. This is susceptible to a Cross-Site Scripting (XSS) vulnerability."
Dorina Timbur also reported this more recently. Quoting from the duplicate bug:
"As part of a penetration test done by a third party on a customer environment, it was found that by adding JavaScript into the ‘Subnet Name’ field, the JavaScript would trigger when adding the network to an instance and then loading a network trunk. The user needs permissions to create a network and edit an instance for this to trigger. See attached screenshots for more details. This is susceptible to a Cross-Site Scripting (XSS) vulnerability."