Description
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older, in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly. Attackers able to control the names of uploaded files can define file names containing JavaScript, which would be executed in another user's browser when that user performs some UI actions.
Remediation
References
https://jenkins.io/security/advisory/2018-04-16/
Related Vulnerabilities
CVE-2023-35166 Vulnerability in maven package org.xwiki.platform:xwiki-platform-help-ui
CVE-2015-8854 Vulnerability in maven package org.webjars:marked
CVE-2014-9772 Vulnerability in npm package validator
CVE-2016-3721 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2011-5063 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core