jenkins is vulnerable to cross site scripting. The vulnerability exists due to a lack of sanitization of the name and description of List Subversion tags (and more) parameters on views displaying parameters.
seclists.org/fulldisclosure/2022/Jul/18
access.redhat.com/errata/RHSA-2022:2205
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=2074851
github.com/jenkinsci/subversion-plugin/commit/882a7d359f6ac73c53d787bff4d62eba837001ea
support.apple.com/kb/HT213345
www.jenkins.io/security/advisory/2022-04-12/
www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617