Oracle bug hunter David Litchfield scoured Oracle EBusiness Suite looking for vulnerabilities. He found and reported 50 vulnerabilities in 11i, 21 of which were SQL injection and 26 cross-site scripting. The software is an “aged product”” that dates back to 2001
Source: the PL/SQL gateway