jenkins is vulnerable to cross-site scripting(XSS) attacks. The HTML output generated for new symbol-based SVG icons includes the title
attribute of l:ionicon
and alt
attribute of l:icon
without further escaping, resulting in a cross-site scripting (XSS) vulnerability.