ApEx:XSS

Example
Create a form on a table of type “Form on a Table with Report”. Run the report and create a row with this data in a VARCHAR2 column

When you press Create and branch back to the report, the JavaScript is run.

Solution
Escape the output so that special characters are rendered as literals.

In PL/SQL use this function: HTF.escape_sc. Read about safe items in the User’s Guide.
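
The effect of HTF.escape_sc on stored values, as an added example that is not part of the original page. The sample values are constructed and stand in for rows of a VARCHAR2 column; DBMS_OUTPUT is used so the block runs in SQL*Plus (SET SERVEROUTPUT ON). In a PL/SQL region the escaped string would be passed to htp.p instead.

```plsql
DECLARE
  -- Constructed sample values (assumption): what a user might have typed
  -- into the form's VARCHAR2 item. They are stored unchanged in the table.
  l_rows sys.odcivarchar2list := sys.odcivarchar2list(
    'Plain text',
    'Tom & Jerry',
    '<script>alert(1)</script>',
    '"quoted" <b>bold</b>');
BEGIN
  FOR i IN 1 .. l_rows.COUNT LOOP
    -- The stored value, exactly as it sits in the column.
    dbms_output.put_line('stored : ' || l_rows(i));

    -- Escape at output time, immediately before the value is placed in HTML.
    -- htf.escape_sc replaces &, ", < and > with their HTML entities, so the
    -- browser displays the characters instead of interpreting them as markup.
    dbms_output.put_line('emitted: <td>' || htf.escape_sc(l_rows(i)) || '</td>');
  END LOOP;
END;
/
```

The data in the table is left as entered; escaping is applied each time the value is written into a page.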