Description

Edge Side Include injection (ESI Injection) is a vulnerability that allows an attacker to reflect ESI tags in the HTTP response.

The ESI language is based on a small set of XML tags and is used in many popular HTTP surrogate solutions to tackle performance issues by enabling heavy caching of Web content. ESI tags are used to instruct a reverse-proxy (or a caching server) to fetch more information about a web page for which a template is already cached. If an attacker can successfully reflect ESI tags in the HTTP response, then the surrogate will blindly parse and evaluate them, believing they are legitimate tags that are served from the upstream server.

Remediation

Apply context-dependent encoding and/or validation to user input rendered on a page. Mitigation techniques against XSS recommended for the language or framework you are using will often be enough to protect against ESI injections.

References

Beyond XSS: Edge Side Include Injection

Related Vulnerabilities

WordPress Plugin 3D Cover Carousel Cross-Site Scripting (1.0)

WordPress Plugin WooPay-Inicis Cross-Site Scripting (1.1.3)

WordPress Plugin New Year Firework Cross-Site Scripting (1.1.9)

WordPress Plugin Gallery-Photo Albums-Portfolio Multiple Cross-Site Scripting Vulnerabilities (1.2.29)

WordPress Plugin Appointment Booking Calendar Cross-Site Scripting (1.3.18)

Severity

High

Classification

CWE-918 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Denial Of Service SSRF XSS Acumonitor