Jenkins Security Advisory 2014-02-14 notes: "Stored XSS vulnerability. A malicious user of Jenkins with a certain set of permissions can cause Jenkins to store arbitrary HTML fragment." Upstream fix: https://github.com/jenkinsci/jenkins/commit/5d57c855f3147bfc5e7fda9252317b428a700014 References: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
This issue has been addressed in the following products: Red Hat OpenShift Enterprise 2.1 Via RHBA-2014:1630 https://rhn.redhat.com/errata/RHBA-2014-1630.html