Description
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in another user's browser when that user performs some UI actions.
Remediation
References
https://jenkins.io/security/advisory/2018-04-16/
Related Vulnerabilities
CVE-2022-34183 Vulnerability in maven package io.jenkins.plugins:agent-server-parameter
CVE-2023-28668 Vulnerability in maven package org.jenkins-ci.plugins:role-strategy
CVE-2019-10464 Vulnerability in maven package org.jenkins-ci.plugins:weblogic-deployer-plugin
CVE-2020-35509 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2018-1000175 Vulnerability in maven package org.jenkins-ci.plugins:htmlpublisher