Jenkins LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability.
{ "cpes": [ "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*" ], "severity": "Medium" }