HTML Injection is a vulnerability in which the attacker can inject malicious html content in the webpage.
1. Open tab Edit Customers, click Edit customer
2. Inject this payload at field Name: <marquee>TEST TEST TEST</marquee>. And then click Save
3. Go to the profile page of this customer, you will see the payload executed.
Video POC: https://drive.google.com/file/d/1PQsCXKOrcZb80xj91vzjIaDGEN562h2Y/view?usp=sharing