Description
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older, in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly. Attackers who can control the names of uploaded files can define file names containing JavaScript, which is then executed in another user's browser when that user performs some UI actions.
Remediation
References
https://jenkins.io/security/advisory/2018-04-16/