HTML injection is  an  attack  that  is  closely related to Cross- site Scripting (XSS). The difference is not in the  vulnerability, but in the type of attack that leverages the  vulnerability. Hypertext  Markup  Language  (HTML) injection, also sometimes referred to as virtual defacement, is  an  attack  on  a  user  made  possible  by  an  injection vulnerability  in  a  web  application.  When  an  application does not properly handle user supplied data, an attacker can supply  valid  HTML,  typically  via  a  parameter  value,  and inject  their  own  content  into  the  page.  This  attack  is typically  used  in  conjunction  with  some  form  of  social engineering,   as   the   attack   is   exploiting   a   code-based vulnerability and a user’s trust