VncRecorder Plugin 1.25 and earlier does not escape a parameter value in the checkVncServ
form validation endpoint output.
This results in a reflected cross-site scripting (XSS) vulnerability.
VncRecorder Plugin 1.35 escapes the parameter value in the output.