Please fix the stored XSS vulnerability

[noodles101]

Jenkins and plugins versions report

Environment

Jenkins: 2.357
OS: Windows 10 - 10.0
---
ace-editor:1.1
ant:475.vf34069fef73c
antisamy-markup-formatter:2.7
apache-httpcomponents-client-4-api:4.5.13-1.0
authentication-tokens:1.4
authorize-project:1.4.0
backup:1.6.1
bootstrap4-api:4.6.0-5
bootstrap5-api:5.1.3-7
bouncycastle-api:2.26
branch-api:2.1046.v0ca_37783ecc5
build-timeout:1.21
built-on-column:1.1
caffeine-api:2.9.3-65.v6a_47d0f4d1fe
checks-api:1.7.4
cloudbees-folder:6.729.v2b_9d1a_74d673
command-launcher:84.v4a_97f2027398
conditional-buildstep:1.4.2
credentials:1129.vef26f5df883c
credentials-binding:523.vd859a_4b_122e6
dashboard-view:2.432.va_712ce35862d
date-parameter:0.0.4
display-url-api:2.3.6
docker-commons:1.19
docker-workflow:1.29
durable-task:496.va67c6f9eefa7
echarts-api:5.3.3-1
email-ext:2.89
emailext-template:1.4
envinject:2.866.v5c0403e3d4df
envinject-api:1.199.v3ce31253ed13
external-monitor-job:191.v363d0d1efdf8
extreme-notification:1.6
font-awesome-api:6.1.1-1
git:4.11.3
git-client:3.11.0
git-parameter:0.9.17
git-server:1.11
github:1.34.4
github-api:1.303-400.v35c2d8258028
github-branch-source:1656.v77eddb_b_e95df
gitlab-plugin:1.5.35
gradle:1.39.2
handlebars:3.0.8
instance-identity:3.1
jackson2-api:2.13.3-285.vc03c0256d517
javadoc:217.v905b_86277a_2a_
javax-activation-api:1.2.0-3
javax-mail-api:1.6.2-6
jaxb:2.3.6-1
jdk-tool:1.5
jersey2-api:2.36-2
jjwt-api:0.11.5-77.v646c772fddb_0
jnr-posix-api:3.1.7-3
jquery:1.12.4-1
jquery-detached:1.2.1
jquery3-api:3.6.0-4
jsch:0.1.55.2
junit:1119.1121.vc43d0fc45561
ldap:2.10
locale:144.v1a_998824ddb_3
lockable-resources:2.15
mailer:414.vcc4c33714601
mapdb-api:1.0.9.0
matrix-auth:2.6.11
matrix-project:772.v494f19991984
mina-sshd-api-common:2.8.0-21.v493b_6b_db_22c6
mina-sshd-api-core:2.8.0-21.v493b_6b_db_22c6
momentjs:1.1.1
okhttp-api:4.9.3-105.vb96869f8ac3a
pam-auth:1.8
parameterized-trigger:2.44
pipeline-build-step:2.18
pipeline-github-lib:38.v445716ea_edda_
pipeline-graph-analysis:195.v5812d95a_a_2f9
pipeline-groovy-lib:593.va_a_fc25d520e9
pipeline-input-step:449.v77f0e8b_845c4
pipeline-milestone-step:101.vd572fef9d926
pipeline-model-api:2.2097.v33db_b_de764b_e
pipeline-model-definition:2.2097.v33db_b_de764b_e
pipeline-model-extensions:2.2097.v33db_b_de764b_e
pipeline-rest-api:2.24
pipeline-stage-step:293.v200037eefcd5
pipeline-stage-tags-metadata:2.2097.v33db_b_de764b_e
pipeline-stage-view:2.24
plain-credentials:1.8
plugin-util-api:2.17.0
popper-api:1.16.1-3
popper2-api:2.11.5-2
rebuild:1.34
resource-disposer:0.19
run-condition:1.5
scm-api:608.vfa_f971c5a_a_e9
script-security:1175.v4b_d517d6db_f0
snakeyaml-api:1.30.2-76.vc104f7ce9870
ssh-credentials:291.v8211e4f8efb_c
ssh-slaves:1.821.vd834f8a_c390e
sshd:3.242.va_db_9da_b_26a_c3
structs:318.va_f3ccb_729b_71
subversion:2.15.5
thinBackup:1.10
timestamper:1.18
token-macro:293.v283932a_0a_b_49
trilead-api:1.57.v6e90e07157e1
variant:1.4
windows-slaves:1.8.1
workflow-aggregator:590.v6a_d052e5a_a_b_5
workflow-api:1165.v02c3db_a_6b_e36
workflow-basic-steps:948.v2c72a_091b_b_68
workflow-cps:2725.v7b_c717eb_12ce
workflow-durable-task-step:1155.v79567b_e0a_2de
workflow-job:1189.va_d37a_e9e4eda_
workflow-multibranch:716.vc692a_e52371b_
workflow-scm-step:400.v6b_89a_1317c9a_
workflow-step-api:625.vd896b_f445a_f8
workflow-support:820.vd1a_6cc65ef33
ws-cleanup:0.42

Please fix the stored XSS vulnerability.

What Operating System are you using (both controller, and any agents involved in the problem)?

Windows

Reproduction steps

Please fix the stored XSS vulnerability.

Expected Results

https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784

Actual Results

Anything else?

No response

/assign @leejaycoke @PierreBtz

[PierreBtz]

@noodles101 unsure why I'm tagged in this, I'm not maintaining this plugin.

[DemiurgeKH3]

@leejaycoke may be ?

[noodles101]

Now we need @leejaycoke or @PierreBtz to look into #13 so this fix could be released.

[PierreBtz]

@noodles101, I'll reiterate one more time I'm not maintaining this plugin. Please stop pinging me.