CVE-2026-24771

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, a Cross-Site Scripting XSS vulnerability exists in the ErrorBoundary component of the hono/jsx library. Under certain usage patterns, untrusted user-controlled strings may be rendered as...

Hono vulnerable to XSS through ErrorBoundary component

Summary A Cross-Site Scripting XSS vulnerability exists in the ErrorBoundary component of the hono/jsx library. Under certain usage patterns, untrusted user-controlled strings may be rendered as raw HTML, allowing arbitrary script execution in the victim's browser. Details The issue is in the...

Cross-site Scripting (XSS)

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ErrorBoundary component of the jsx library, when untrusted user-controlled strings are rendered as raw HTML. An attacker can execute scripts in the victim...

CVE-2026-24771 Hono has a Cross-site Scripting vulnerability

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, a Cross-Site Scripting XSS vulnerability exists in the ErrorBoundary component of the hono/jsx library. Under certain usage patterns, untrusted user-controlled strings may be rendered as...

PT-2026-5014

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.11.7 Description A Cross-Site Scripting XSS issue exists in the ErrorBoundary component of the hono/jsx library. Untrusted data from users may be rendered as raw HTML, potentially allowing execution of arbitrary script...