CVE-2006-6703

Name of the Vulnerable Software and Affected Versions: Oracle Portal versions 9i and 10g

Description: The issue allows remote attackers to inject arbitrary JavaScript code via the tc parameter in the "webapp/jsp/container tabs.jsp" API endpoint, and other unspecified vectors. This can lead to cross-site scripting (XSS) attacks.

Recommendations: For Oracle Portal version 9i, update to a version that includes the fix for this issue. For Oracle Portal version 10g, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the "webapp/jsp/container tabs.jsp" endpoint to minimize the risk of exploitation. Avoid using the tc parameter in the affected API endpoint until the issue is resolved.