Description
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in another user's browser when that user performs some UI actions.
Remediation
References
https://jenkins.io/security/advisory/2018-04-16/
Related Vulnerabilities
CVE-2023-24438 Vulnerability in maven package org.jenkins-ci.plugins:jira-steps
CVE-2020-17519 Vulnerability in maven package org.apache.flink:flink-runtime_2.12
CVE-2023-49398 Vulnerability in maven package com.jfinal:jfinal
CVE-2018-1000086 Vulnerability in npm package pym.js
CVE-2023-29517 Vulnerability in maven package org.xwiki.platform:xwiki-platform-office-viewer