HTML Injection attack is similar to Cross-site Scripting (XSS) and is typically used in conjunction with some form of social engineering, as the attack is exploiting a code-based vulnerability and a user's trust.
HTML injection occurs when an attacker is able to control an input point and inject malicious HTML code into a vulnerable web page in order to execute remote commands that can change data on a web site. In many cases the attacker will use this technique to create visual defacements to a webpage and present fake content to lue users to click on malicious links or enter their personal information into the attacker's HTTP form page