CVE-2026-1183

Summary

HTML injection vulnerability in multiple Botble products such as TransP, Athena, Martfury, and Homzen, consisting of an HTML injection due to a lack of proper validation of user input by sending a request to '/search' using the 'q' parameter.

Affected Software

VendorProductVersion RangeStatus
BotbleTransPall versionsaffected
BotbleAthenaall versionsaffected
BotbleMartfuryall versionsaffected
BotbleHomzenall versionsaffected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References