Stored XSS vulnerability in Jenkins REST List Parameter Plugin

Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Jenkins REST List Parameter Plugin 1.3.1 no longer identifies a parameter using user-specified content.