CVE 2014-2065
Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie.
See the 
CVE page on Mitre.org
for more details.
