Content spoofing attack (Brother of Reflected XSS)!
Content spoofing is altering data/text of web pages. XSS uses <script> or any other JS (E.G: <script>alert(1)</script> whereas Content spoofing not. It can be using text or html code. A hacker can deface the page virtually. But not able to own the server/web.
Since there are two good explanation of this vulnerability so you better read there:
Something like this:
It is not such a powerful to hack entire server or an website but sometime these kind of vulnerability is enough to make the users fool.