Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not escape parameter names of custom checkbox parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
{
"github_reviewed_at": "2022-12-01T23:01:50Z",
"nvd_published_at": "2022-02-15T17:15:00Z",
"github_reviewed": true,
"cwe_ids": [
"CWE-79"
],
"severity": "HIGH"
}