CVEProject / cvelistV5

CVE cache of the official CVE List in CVE JSON 5 format

HTML tag inside json #56

Open MidavSec opened 3 weeks ago

MidavSec commented 3 weeks ago

Is it correct/by intention that HTML tags are included inside JSON files, e.g. https://github.com/CVEProject/cvelistV5/blob/main/cves/2024/0xxx/CVE-2024-0762.json

                "supportingMedia": [
                    {
                        "base64": false,
                        "type": "text/html",
                        "value": "<div>\nPotential buffer overflow \nin unsafe UEFI variable handling \n\nin Phoenix SecureCore™ for select Intel platforms</div><br><p>This issue affects:</p><p>\nPhoenix \n\nSecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;</p><p>\nPhoenix \n\nSecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;</p><p>\nPhoenix \n\nSecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;</p><p>\nPhoenix \n\nSecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;</p><p>\nPhoenix \n\nSecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;</p><p>\nPhoenix \n\nSecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;</p><p>\nPhoenix \n\nSecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;</p><p>\nPhoenix \n\nSecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;</p><p>\nPhoenix \n\nSecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.</p>"
                    }

Thank you for a clarification.

M-nj commented 3 weeks ago

Certain CVE record JSON fields such as supportingMedia.value allow for text strings to contain HTML. See https://github.com/CVEProject/cve-schema/blob/main/schema/CVE_Record_Format.json#L690 for reference.
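
For anyone consuming these records, the answer above means a `supportingMedia` entry of type `text/html` is markup supplied by the record's author, so a tool that displays it can reduce it to plain text first. The following is an added example, not part of this thread or of the CVE Project's code: the helper names and the sample record are constructed for illustration, and only the `descriptions[].supportingMedia` fields `type`, `base64` and `value` are taken from the record format.

```python
import base64
from html.parser import HTMLParser

BLOCK = {"p", "div", "br", "li", "tr", "h1", "h2", "h3"}  # tags that end a line
SKIP = {"script", "style"}  # element content that is never treated as text

class _Text(HTMLParser):
    """Collects text nodes only; tags and attributes are never emitted."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in SKIP:
            self.skip += 1
        elif tag in BLOCK:
            self.out.append("\n")
    def handle_endtag(self, tag):
        if tag in SKIP:
            self.skip = max(0, self.skip - 1)
        elif tag in BLOCK:
            self.out.append("\n")
    def handle_data(self, data):
        if not self.skip:  # newlines inside HTML text are just whitespace
            self.out.append(data.replace("\r", " ").replace("\n", " "))

def html_to_text(markup):
    """Return the visible text of an HTML fragment, one line per block element."""
    parser = _Text()
    parser.feed(markup)
    parser.close()
    lines = (" ".join(l.split()) for l in "".join(parser.out).split("\n"))
    return "\n".join(l for l in lines if l)

def supporting_text(record):
    """Yield plain text for each text/html supportingMedia entry of the CNA descriptions."""
    for desc in record.get("containers", {}).get("cna", {}).get("descriptions", []):
        for media in desc.get("supportingMedia", []):
            if media.get("type") != "text/html":
                continue
            value = media.get("value", "")
            if media.get("base64"):  # base64 true: value is the encoded media data
                value = base64.b64decode(value).decode("utf-8", "replace")
            yield html_to_text(value)

# Constructed sample (not a real CVE record), shaped like the excerpt in the question.
_MEDIA = [
    {"base64": False, "type": "text/html", "value": "<div>\nPotential buffer overflow \nin Example BIOS &amp; firmware</div><br><p>This issue affects:</p><script>void 0</script>"},
    {"base64": True, "type": "text/html", "value": base64.b64encode(b"<p>Fixed in 1.2</p>").decode()},
]
SAMPLE = {"containers": {"cna": {"descriptions": [{"lang": "en", "value": "x", "supportingMedia": _MEDIA}]}}}
```

A consumer that needs to keep the formatting would instead pass the value through an allow-list HTML sanitizer before rendering it; the plain-text `descriptions[].value` field remains available either way.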