Encode IT!
Time: 1 Hour 30 Minutes
Level: Hard

What is HTML?

HTML stands for Hypertext Markup Language. It is the standard markup language for web pages; a collection of web pages makes up a website. HTML elements are represented by tags written in angle brackets (<>), and each tag has a different function.

What is HTML Injection Attack?

HTML Injection is a vulnerability in web applications that allows users to insert HTML code via a specific parameter or entry point. It is similar to Cross-site Scripting (XSS): while an XSS vulnerability lets the attacker inject and execute JavaScript code, an HTML injection only allows the injection of certain HTML tags. When an application does not properly handle user-supplied data, an attacker can supply valid HTML code, typically via a parameter value, and inject their own content into the page. It is generally exploited together with social engineering, tricking valid users of the application into opening malicious websites or entering their credentials in a fake login form that redirects them to a page which captures cookies or credentials.
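How the flaw and its fix look in code, as an added example that is not part of this lab: a page fragment reflects a user-supplied `name` parameter, once unencoded (the defect) and once HTML-encoded at the point it enters the markup, with a small check that flags tags the template never contained. The parameter name, template and sample input are assumptions.

```javascript
// Added example (not the lab's own code). The "name" parameter and the
// page template are assumed for illustration.

// Encode the five characters that can change the meaning of HTML text or attributes.
function htmlEncode(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Vulnerable: the raw parameter value is concatenated into the HTML response,
// so any tags it contains become part of the page.
function renderUnsafe(name) {
  return `<p>Welcome, ${name}!</p>`;
}

// Hardened: the same page, but the value is encoded where it enters HTML,
// so the browser renders it as text rather than markup.
function renderSafe(name) {
  return `<p>Welcome, ${htmlEncode(name)}!</p>`;
}

// Detection check for a response: does it contain any tag that is not
// one of the tags the template itself uses?
function containsInjectedTag(html, allowedTags = ["p"]) {
  const tagPattern = /<\/?([a-zA-Z][a-zA-Z0-9-]*)/g;
  let match;
  while ((match = tagPattern.exec(html)) !== null) {
    if (!allowedTags.includes(match[1].toLowerCase())) return true;
  }
  return false;
}

// Constructed sample input: a form of the kind the text describes (placeholder URL).
const SAMPLE_INPUT = '<form action="https://example.invalid/login"></form>';

console.log(renderUnsafe(SAMPLE_INPUT)); // the <form> lands in the page
console.log(renderSafe(SAMPLE_INPUT));   // the <form> is shown as literal text
```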

Severity

The severity of HTML Injection can be categorized as a P4 bug with a CVSS score of 0.1-3.9, which is Low. In case of an account takeover it can be categorized as P3.

Exploiting HTML Injection

1. Test every entry point on the target website.

2. Refer to the HTML Injection documentation.

3. Check for valid HTML Injection rendered on the screen.