Autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than characters.
Known previously unsafe sources for these suggestions include the names of loggers in the log recorder condition, and agent labels.
Created jenkins tracking bugs for this issue:
Affects: fedora-all [bug 1516794]
Affects: openshift-1 [bug 1516795]