The issue occurs because tagName user input is formatted inside the exec function is executed without any checks.
