Home
MEDIUM: 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:NDefault status
unaffected
all versions
affected
Default status
unaffected
all versions
affected
Default status
unaffected
all versions
affected
Default status
unaffected
all versions
affected
Description
HTML injection vulnerability in multiple Botble products such as TransP, Athena, Martfury, and Homzen, consisting of an HTML injection due to a lack of proper validation of user input by sending a request to '/search' using the 'q' parameter.
Problem types
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Product status
all versions
all versions
all versions
all versions
Credits
Gonzalo Aguilar García (6h4ack)
References
www.incibe.es/...iso/html-injection-multiple-botble-products