Alertmanager handles alerts sent by client applications such as the
Prometheus server. An attacker with the permission to perform POST requests
on the /api/v1/alerts endpoint could be able to execute arbitrary
JavaScript code on the users of Prometheus Alertmanager. This issue has
been fixed in Alertmanager version 0.2.51.
#### Bugs