Vulnerabilities (CVE)

Filtered by vendor Arc2 Project Subscribe
Filtered by product Arc2
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-5873 1 Arc2 Project 1 Arc2 2024-11-21 N/A 5.3 MEDIUM
ARC (aka ARC2) through 2011-12-01 allows reflected XSS via the end_point.php query parameter in an output=htmltab action.
CVE-2012-5872 1 Arc2 Project 1 Arc2 2024-11-21 N/A 9.8 CRITICAL
ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause.