CVE-2012-5873

Name of the Vulnerable Software and Affected Versions ARC (aka ARC2) through 2011-12-01

Description The issue allows reflected XSS via the end point.php query parameter in an output=htmltab action. This can be exploited through the "/end point.php" API endpoint, specifically by manipulating the output parameter and the query parameters passed to it.

Recommendations For ARC (aka ARC2) through 2011-12-01, consider restricting access to the /end point.php API endpoint, specifically when the output parameter is set to htmltab, until a patch is available. As a temporary workaround, avoid using the end point.php query parameter in actions where output=htmltab to minimize the risk of exploitation.