Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML formatting of its output, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission.
The information has been provided by the vendor.
The original article can be found at https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1784
Timestamper Plugin 1.11.1 and earlier does not escape or sanitize the HTML formatting used to display the timestamps in console output for builds.
Affected versions: Timestamper Plugin 1.11.1 and earlier
Published Date: 03/06/2020
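The escaping gap described above, as an added Java example that is not the plugin's own code: an administrator-configured timestamp pattern rendered verbatim, next to a version that keeps a small set of attribute-free formatting tags and escapes everything else. The class name, the tag allowlist and both sample patterns are assumptions constructed for illustration.

```java
import java.text.SimpleDateFormat;
import java.util.*;
import java.util.regex.*;

public class TimestampFormatSanitizer {
    // Assumed allowlist of attribute-free formatting tags (not the plugin's actual policy).
    private static final Set<String> ALLOWED = Set.of("b", "i", "em", "strong", "u");
    private static final Pattern BARE_TAG = Pattern.compile("<(/?)([A-Za-z][A-Za-z0-9]*)>");

    static String escape(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    static String format(String pattern, Date when) {
        SimpleDateFormat f = new SimpleDateFormat(pattern, Locale.ROOT);
        f.setTimeZone(TimeZone.getTimeZone("UTC"));
        return f.format(when);
    }

    // Before: the formatted string goes into the console page verbatim.
    static String renderUnsafe(String pattern, Date when) {
        return format(pattern, when);
    }

    // After: allowlisted bare tags survive; attribute-bearing or unknown tags and all text are escaped.
    static String renderSanitized(String pattern, Date when) {
        String raw = format(pattern, when);
        StringBuilder out = new StringBuilder();
        Matcher m = BARE_TAG.matcher(raw);
        int last = 0;
        while (m.find()) {
            out.append(escape(raw.substring(last, m.start())));
            String name = m.group(2).toLowerCase(Locale.ROOT);
            out.append(ALLOWED.contains(name) ? "<" + m.group(1) + name + ">" : escape(m.group()));
            last = m.end();
        }
        return out.append(escape(raw.substring(last))).toString();
    }

    public static void main(String[] args) {
        Date when = new Date(0L); // constructed sample instant
        String[] patterns = { "'<b>'HH:mm:ss'</b> '", "'<img src=x onerror=alert(1)>'HH:mm:ss" };
        for (String p : patterns) {
            System.out.println("unsafe:    " + renderUnsafe(p, when));
            System.out.println("sanitized: " + renderSanitized(p, when));
        }
    }
}
```

The bold-tag pattern renders identically through both paths, while the second pattern reaches the page as inert text only through `renderSanitized`.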