opentsdb is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the insufficient validation of parameters reflected in error messages in the `internalError` and `badRequest` functions of `HttpQuery.java`, which allows an attacker to inject and execute malicious JavaScript through the legacy HTTP query API and the logging endpoint.Read More