Jenkins HTML Publisher Plugin is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper input sanitization, allowing attackers with Item/Configure permission to execute XSS attacks and determine the existence of paths on the Jenkins controller file system.