Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons. Tooltip values can be contributed by plugins, some of which use user-specified values.Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description that is displayed on item creation.Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via "Trigger builds remotely".