HTTP Parameter Pollution (HPP) vulnerabilities allow attackers to exploit web applications by manipulating the query parameters in the URL and requested body which causes the Cross Site Scripting or Privilege Escalation or bypass Authorization.
HTTP Parameter Pollution affects both Server side as well as Client Side components as it is injecting additional/multiple parameters (i.e. GET/POST/Cookie) to the links, tags, attributes.
HTTP Parameter Pollution attacks may add parameters or overwrite the existing parameters variables by injecting query string delimiters into existing HTTP parameters.
If exploited it can be launched from Client Side or server side attacks.
Prevention of HTTP Parameter Pollution: