HTML injection in multiple Botble products
Posted date 17/11/2025
Identifier
INCIBE-2026-036
Importance
3 - Medium
Affected Resources
The following Botble products are affected:
- TransP;
- Athena;
- Martfury;
- Homzen.
Description
INCIBE has coordinated the publication of a medium-severity vulnerability affecting TransP, Athena, Martfury, and Homzen from Botble. The vulnerability was discovered by Gonzalo Aguilar García (6h4ack).
This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector, and CWE vulnerability type:
- CVE-2026-1183: CVSS v4.0: 5.1 | CVSS AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N | CWE-79
Solution
There is no solution reported at this time.
Detail
CVE-2026-1183: HTML injection vulnerability in multiple Botble products, such as TransP, Athena, Martfury, and Homzen. User input is not properly validated, so HTML can be injected by sending a request to '/search' using the 'q' parameter.
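With no fix reported, operators can review web server logs for requests that match this description. The following is an added example, not code from INCIBE or Botble: it assumes combined-format access logs, and the sample log lines, helper names and tag heuristic are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines (combined log format), for illustration only.
SAMPLE_LOG = """\
203.0.113.5 - - [17/Nov/2025:10:00:01 +0000] "GET /search?q=laptop HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [17/Nov/2025:10:00:07 +0000] "GET /search?q=%3Ch1%3ENotice%3C%2Fh1%3E HTTP/1.1" 200 5300 "-" "Mozilla/5.0"
203.0.113.9 - - [17/Nov/2025:10:00:09 +0000] "GET /search?q=%253Ca%2520href%253Dx%253E HTTP/1.1" 200 5300 "-" "Mozilla/5.0"
198.51.100.2 - - [17/Nov/2025:10:00:12 +0000] "GET /search?q=a+%3C+b HTTP/1.1" 200 5100 "-" "Mozilla/5.0"
198.51.100.2 - - [17/Nov/2025:10:00:15 +0000] "GET /products?q=%3Cb%3E HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Client address and request target from a combined-format log line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Start of an HTML tag or comment: "<h1", "</a", "<!--". A bare "a < b" does not match.
TAG_RE = re.compile(r"<(?:/?[a-zA-Z]|!)")


def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_html_in_search(log_text):
    """Return (client_ip, decoded_q) for /search requests whose 'q' holds markup."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path.rstrip("/") != "/search":
            continue
        # parse_qs decodes once; decode_fully handles further encoding layers.
        for raw in parse_qs(url.query, keep_blank_values=True).get("q", []):
            value = decode_fully(raw)
            if TAG_RE.search(value):
                hits.append((m.group("ip"), value))
    return hits


if __name__ == "__main__":
    for ip, value in find_html_in_search(SAMPLE_LOG):
        print(f"{ip}\t{value!r}")
```

Only the query string is inspected, so a 'q' value sent in a request body will not appear in standard access logs and needs application-level or WAF logging instead.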
CVE
Exploitation
No



