CVE-2007-1506

Name of the Vulnerable Software and Affected Versions Oracle Portal 10g

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the p oldurl and p newurl parameters in the PORTAL.wwv main.render warning screen function.

Recommendations For Oracle Portal 10g, as a temporary workaround, consider restricting access to the PORTAL.wwv main.render warning screen function until a patch is available. Avoid using the p oldurl and p newurl parameters in this function until the issue is resolved.