VncRecorder Plugin 1.25 and earlier does not escape a tool path in the checkVncServ
form validation endpoint accessed e.g. via job configuration forms.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by Jenkins administrators.
VncRecorder Plugin 1.35 escapes the tool path.