An issue exists in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI.
opentsdb opentsdb 2.3.0