Cross-site Scripting
Jenkins Yet Another Build Visualizer does not escape tooltip content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Run/Update permission.
Advisories for Maven/Com.axis.system.jenkins.plugins.downstream/Yet-Another-Build-Visualizer package
2020