This could be ‘Mod Security’ at the server level, rather than Concrete itself.
If you are using cPanel, try looking in that to see if there’s an option to temporarily turn Mod Security back on (but best to turn it back on after your HTML entry).
Or, you may need to contact your host to see if they can ‘whitelist’ a triggered security rule.