Jenkins JSGames Plugin 0.2 and earlier evaluates part of a URL as code, resulting in a reflected cross-site scripting (XSS) vulnerability.

Reflected XSS vulnerability in Jenkins JSGames Plugin