jenkins is vulnerable to cross-site scripting (XSS). The vulnerability exists as Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages.