CVE-2026-1183
HTML Injection in Botble Products via /search?q Parameter
Publication date: 2026-01-20
Last updated on: 2026-01-20
Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| botble | transp | * |
| botble | athena | * |
| botble | martfury | * |
| botble | homzen | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-1183 is an HTML injection vulnerability (CWE-79) in several Botble theme products, among them TransP, Athena, Martfury and Homzen. The '/search' endpoint reads the search term from the 'q' query parameter and echoes it into the results page without validating the input or encoding it for its HTML context, so anyone who can get a victim to open a crafted '/search?q=...' URL controls part of that page's markup. [1]
How can this vulnerability impact me?
An attacker can inject arbitrary HTML into pages served by the affected sites, which is enough to deface the search page, insert spoofed login forms or links for phishing, or otherwise manipulate what the victim sees; because the weakness class is CWE-79, the same reflection point may also permit script execution in the victim's browser, depending on where in the page the value lands. The injection is reflected rather than stored, so exploitation requires user interaction: a victim must open a crafted URL or submit the malicious search term themselves, and the impact is confined to the browser session of whoever does. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Reflected HTML injection is confirmed by sending a request whose 'q' value contains a distinctive HTML tag and checking whether the response carries that tag verbatim rather than entity-encoded ('&lt;' for '<'). With curl, against a system you are authorised to test: curl -G 'http://target-site/search' --data-urlencode 'q=<script>alert(1)</script>' (the -G flag turns the encoded data into the query string). If the response body contains the literal '<script>alert(1)</script>', the parameter is reflected without output encoding and the endpoint is affected; if it contains '&lt;script&gt;alert(1)&lt;/script&gt;', the output is encoded and the page is not affected. A harmless marker such as '<b>inject-test</b>' demonstrates the same thing and is less likely to be dropped by a WAF signature before it reaches the application, which would otherwise mask the result. [1]
What immediate steps should I take to mitigate this vulnerability?
No official patch or vendor advisory is listed on this page. The weakness is CWE-79, so the durable fix is not input filtering but output encoding: every place the search template echoes the 'q' value must HTML-encode it (Botble is a Laravel application; in Blade templates the '{{ $q }}' syntax escapes output while '{!! $q !!}' emits it verbatim). Until the affected theme is fixed, reduce exposure by adding a web application firewall rule that blocks or challenges requests to '/search' whose 'q' parameter contains HTML tag openers after URL decoding, by monitoring access logs for such requests so that attempts are at least visible, and by deploying a Content Security Policy that limits what injected markup can do in the victim's browser. [1]
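The monitoring step above, as an added example that is not part of the advisory or of Botble's code: a Python scanner that pulls 'q' out of access-log request lines, URL-decodes it (twice, to catch the double-encoding trick used to slip past filters that look only at the once-decoded value) and flags values containing an HTML tag opener, next to a minimal unescaped-versus-escaped rendering pair that shows the CWE-79 defect and its fix. The log lines are constructed; the combined log format and the RFC 5737 client addresses are assumptions.

```python
import html
import re
import urllib.parse

# Request line of a combined/common-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# An HTML tag opener as a browser parser sees it: '<' immediately followed by a
# letter (start tag), '</' plus a letter (end tag), or '<!' (comment/doctype).
# 'a < b' does not match, so ordinary queries with a loose '<' are not flagged;
# entity-encoded text such as &lt;b&gt; does not match either.
TAG_OPENER_RE = re.compile(r'</?[A-Za-z]|<!')


def extract_search_query(log_line):
    """Return the once-decoded q value if the line is a /search request, else None."""
    m = REQUEST_RE.search(log_line)
    if m is None:
        return None
    target = urllib.parse.urlsplit(m.group('target'))
    if target.path != '/search':
        return None
    values = urllib.parse.parse_qs(target.query).get('q')
    return values[0] if values else None


def is_html_injection_attempt(q):
    """True if q, or q decoded once more, contains a tag opener.

    The second decode catches double-encoded payloads (%253C -> %3C -> <),
    which a filter inspecting only the once-decoded value would pass while a
    later decoding step in the application turns them back into markup.
    """
    return bool(TAG_OPENER_RE.search(q) or
                TAG_OPENER_RE.search(urllib.parse.unquote(q)))


def scan_access_log(lines):
    """Return (client_ip, decoded_q) for every suspicious /search request."""
    hits = []
    for line in lines:
        q = extract_search_query(line)
        if q is not None and is_html_injection_attempt(q):
            hits.append((line.split(' ', 1)[0], q))
    return hits


def render_results_heading_vulnerable(q):
    """The defect class behind CWE-79: q is concatenated into HTML unescaped
    (the equivalent of Blade's {!! $q !!} or a bare PHP echo)."""
    return '<h1>Search results for: ' + q + '</h1>'


def render_results_heading_safe(q):
    """Contextual output encoding: <, >, &, " and ' become entities, so the
    browser renders the query as text (the equivalent of Blade's {{ $q }})."""
    return '<h1>Search results for: ' + html.escape(q, quote=True) + '</h1>'


# Constructed sample log lines (combined format, RFC 5737 test addresses).
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Jan/2026:10:00:01 +0000] "GET /search?q=laptop HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [20/Jan/2026:10:00:02 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5310 "-" "curl/8.5.0"',
    '198.51.100.7 - - [20/Jan/2026:10:00:03 +0000] "GET /search?q=%253Cimg+src%3Dx%3E HTTP/1.1" 200 5200 "-" "Mozilla/5.0"',
    '198.51.100.8 - - [20/Jan/2026:10:00:04 +0000] "GET /products?q=%3Cb%3E HTTP/1.1" 200 4000 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [20/Jan/2026:10:00:05 +0000] "GET /search?q=a+%3C+b HTTP/1.1" 200 4000 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for ip, q in scan_access_log(SAMPLE_LOG):
        print(f'{ip}: suspicious /search query {q!r}')
    print(render_results_heading_vulnerable('<b>x</b>'))
    print(render_results_heading_safe('<b>x</b>'))
```

Of the five sample lines, only the second (a plain script tag) and the third (a double-encoded image tag) are reported; the request to '/products' is outside the vulnerable endpoint and 'a < b' is a legitimate query. The same tag-opener test, applied to the decoded value, is the condition a WAF rule on '/search' should express.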