MEDIUM
TODDR
CVE published 2026-05-19
CVE-2026-5090
CVE-2026-5090 affects Template::Plugin::HTML versions through 3.102 for Perl. According to the published description, the module's html_filter function did not escape single quotes, which means data placed into HTML attributes delimited by single quotes could break out of the attribute and inject limited HTML or JavaScript. The issue is narrower than full raw HTML injection because angle brackets, ampersa [truncated]