Jenkins Fortify Plugin 22.1.38 and previous versions does not escape the error message for a form validation method, resulting in an HTML injection vulnerability.
jenkins fortify