The following flaw was found in Jenkins:
Jenkins allows the creation of users with less-than and greater-than characters in their names. These user names were not escaped when displaying search suggestions, resulting in a cross-site scripting vulnerability.
Created jenkins tracking bugs for this issue:
Affects: fedora-all [bug 1418736]