Description
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older, in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly. Attackers able to control the file names of uploaded files can define file names containing JavaScript, which would be executed in another user's browser when that user performs some UI actions.
Remediation
References
https://jenkins.io/security/advisory/2018-04-16/