Added HTML Content Injection template

* Added new HTML Content Injection template, as per VRT update #372 - bugcrowd/vulnerability-rating-taxonomy#372
* Updated server_side_injection.content_spoofing guidance file as it was referring to the incorrect vulnerability type

submissions/description/server_side_injection/content_spoofing/guidance.md

@@ -2,4 +2,4 @@
 
 Provide a step-by-step walkthrough with a screenshot on how to access the vulnerable injection point, and how to exploit the vulnerability. Your submission must include evidence of the vulnerability and not be theoretical in nature.
 
-Attempt to escalate the failure to invalidate the session on password change. If this is possible, provide a full Proof of Concept (PoC).
+Attempt to escalate the content spoofing vulnerability. If this is possible, provide a full Proof of Concept (PoC).

submissions/description/server_side_injection/content_spoofing/html_content_injection/guidance.md

@@ -0,0 +1,5 @@
+# Guidance
+
+Provide a step-by-step walkthrough with a screenshot on how to access the vulnerable injection point, and how to exploit the vulnerability. Your submission must include evidence of the vulnerability and not be theoretical in nature.
+
+Attempt to escalate the HTML content injection. If this is possible, provide a full Proof of Concept (PoC).

submissions/description/server_side_injection/content_spoofing/html_content_injection/recommendations.md

@@ -0,0 +1,13 @@
+# Recommendation(s)
+
+There is no single technique to protect from HTML content injection. However, the following best practices should be adhered to:
+
+- Validate all input data, including that which is reflected by a request parameter
+- Refrain from passing HTML data via request parameters. Properly encode the HTML before passing it through a request parameter if there is no other way.
+- Refrain from displaying messages via request parameter. It is best practice to use temporary sessions instead.
+
+For more information, please see:
+
+- <https://capec.mitre.org/data/definitions/148.html>
+- <https://owasp.org/www-community/attacks/Content_Spoofing>
+- <https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#output-encoding>

submissions/description/server_side_injection/content_spoofing/html_content_injection/template.md

@@ -0,0 +1,26 @@
+# HTML Content Injection
+
+## Overview of the Vulnerability
+
+HTML content injection is a common attack where plaintext or HTML content is injected into a web page that can be rendered in a client. Due to this injection vulnerability in the application, users are often socially engineered to perform an action due to the inherent trust they have in the business and its brand. An attacker to social engineer users to navigate to another website and have them enter information, such as their user credentials.
+
+## Business Impact
+
+This vulnerability can lead to reputational damage and indirect financial loss to the company through the impact to customers’ trust.
+
+## Steps to Reproduce
+
+1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP
+1. Use a browser to navigate to: {{URL}}
+1. Perform {{action}} and capture the request in the HTTP interception proxy
+1. Insert {{payload}} in {{parameter}} and forward or replay the following request to the endpoint:
+
+```HTTP
+{{request}}
+```
+
+## Proof of Concept (PoC)
+
+The following screenshot(s) demonstrate(s) this vulnerability:
+
+{{screenshot}}