CVE-2018-12973

Name of the Vulnerable Software and Affected Versions OpenTSDB version 2.3.0

Description An issue was discovered in OpenTSDB, where there is a Cross-Site Scripting (XSS) vulnerability in the json parameter to the "/q" URI. This allows for potential malicious script execution.

Recommendations For OpenTSDB version 2.3.0, as a temporary workaround, consider restricting access to the "/q" URI or sanitizing the json parameter to prevent XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.