Oracle Workflow is part of the database or application server installation. The parameter end date is vulnerable against XSS/CSS attacks.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/40913/oracle-wf_route.txt
Source: https://packetstormsecurity.com/files/40913/oracle-wf_route.txt.html