Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Run/Update permission.
Yet Another Build Visualizer Plugin 1.12 escapes tooltip content.
www.openwall.com/lists/oss-security/2020/08/12/4
github.com/jenkinsci/yet-another-build-visualizer-plugin
github.com/jenkinsci/yet-another-build-visualizer-plugin/commit/0e6db61ef66f4ed4f2e580240e364f195b00ee6e
jenkins.io/security/advisory/2020-08-12/#SECURITY-1940
nvd.nist.gov/vuln/detail/CVE-2020-2236