The URL Patterns field form validation error message is not escaped in Jenkins Audit Trail Plugin 3.2 and earlier, leading in a reflected cross-site scripting vulnerability.