CVE-2006-5599

Name of the Vulnerable Software and Affected Versions: Oracle Application Express versions prior to 2.2.1

Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary HTML or web script via the WWV FLOW ITEM HELP package. This could potentially lead to unauthorized actions on the affected system. The issue is likely fixed by the October 2006 CPU.

Recommendations: For versions prior to 2.2.1, update to version 2.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the WWV FLOW ITEM HELP package until a patch is applied.