Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

...

Open Redirect And Cross-site Scripting (XSS)

django is vulnerable to open redirect and cross-site scripting XSS attacks.The library's security check for redirects considers certain numeric URLs as safe, allowing a malicious user to cause an open redirect or cross-site scripting attack via URL linking...

[SECURITY] Fedora 24 Update: w3m-0.5.3-27.git20161120.fc24

The w3m program is a pager or text file viewer that can also be used as a text-mode Web browser. W3m features include the following: when reading an HTML document, you can follow links and view images using an external image viewer; its internet message mode determines the type of document from t...