Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Jenkins Repository Connector Plugin 2.0.3 escapes parameter names and descriptions when creating new parameters.