Hello Apache security team,
I have been testing an application which internally uses the Apache drill software v 1.6 as of now.
I found XSS on profile page (sink) where in the user's malicious input comes from the Query page (source) where you run a query.
Affected URL : https://localhost:8047/profiles
Once the user give the below payload and load the profile page, it gets triggered and is stored.
I have attached the screenshot of payload <script>alert(document.cookie)</script>.