In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks.
Credits
This issue was discovered by DangKhai from Viettel Cyber Security
