Sea Shark

**Name of the Vulnerable Software and Affected Versions** Oracle Portal 10g **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `p oldurl` and `p newurl` parameters in the `PORTAL.wwv main.render warning screen` function. **Recommendations** For Oracle Portal 10g, as a temporary workaround, consider restricting access to the `PORTAL.wwv main.render warning screen` function until a patch is available. Avoid using the `p oldurl` and `p newurl` parameters in this function until the issue is resolved.