jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Affected JQuery Versions: 1.8.0 to 2.2.4

The latest version of Jenkins is using 1.12.4. 

Based on 
[#CVE-2015-9251

It is a bad practice to use outdated libraries with known security vulnerabilities. The solution to this is to update Jquery to 3+ version.