Stored XSS vulnerability in Jenkins Matrix Authorization Strategy Plugin

Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the permission table. This results in a stored cross-site scripting (XSS) vulnerability. When using project-based matrix authorization, this vulnerability can be exploited by a user with Job/Configure or Agent/Configure permission, otherwise by users with Overall/Administer permission.

Matrix Authorization Strategy Plugin 2.6.2 escapes user names in the permission table.