Jenkins CI version 1.523 has a default markup formatter that permits offsite-bound forms. This vulnerability could be exploited by a remote attacker (a malicious user) to inject malicious persistent HTML script code (application side) and in turn perform a cross site scripting attack.
5764f0eb1aedc4495f9f0a84672d7a2996fc96b4c3ea9d658bcea48cd425c6bf