org.jenkins-ci.plugins, htmlpublisher is vulnerable to Cross-Site Scripting. The vulnerability is due to publishReports
function within HtmlPublisher.java
not having proper input sanitization, This flow allows attackers with Item/Configure permission to inject malicious scripts into job names, report names, and index page titles displayed as part of the report frame.