2 matches found
CVE-2012-5872
ARC (ARC2) up to version 2011-12-01 is affected by a blind SQL Injection in getTriplePatternSQL within ARC2_StoreSelectQueryHandler.php, exploitable via comments in a SPARQL WHERE clause. Affected software is ARC/ARC2, with the vulnerable code path in the StoreSelectQueryHandler. The underlying i...
CVE-2012-5873
ARC (aka ARC2) up to 2011-12-01 is affected by a reflected XSS through the end_point.php query parameter when action output=htmltab is used. The vulnerability is documented across multiple sources (NVD, Red Hat, CVE lists, and enrichment feeds) with a common description: input reflected in HTML o...