Oracle Portal is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before returning it to the user.
An attacker can exploit this issue to execute arbitrary HTML and script code in a userâ??s browser session in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The vulnerability is reported in Oracle Portal versions 9i and10g.