Description
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older, in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly. Attackers able to control the file names of uploaded files can define file names containing JavaScript, which would be executed in another user's browser when that user performs some UI actions.
Remediation
References
https://jenkins.io/security/advisory/2018-04-16/