The host is installed with Jenkins LTS through 2.414.1 or Jenkins rolling release through 2.423 and is prone to a stored cross-site scripting (xss) vulnerability. A flaw is present in the application, which fails to handle caption constructor parameter of ExpandableDetailsNote. Successful exploitation allows attackers to have unspecified impact.