d3nx

1 exploit Active since Mar 2007
CVE-2007-1506 EXPLOITDB text WORKING POC
Oracle Application Server Portal - Cross-Site Scripting via p_oldurl and p_newurl Parameters
Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters.