The host is installed with Jenkins LTS 2.277.1 through 2.375.3 or Jenkins rolling 2.270 through 2.393 and is prone to a stored cross-site scripting vulnerability. A flaw is present in the application, which fails to handle issues in unspecified vectors. Successful exploitation could allow attackers to provide plugins to the configured update sites and have this message shown by Jenkins instances.