Description
Edge Side Include injection (ESI Injection) is a vulnerability that allows an attacker to reflect ESI tags in the HTTP response.
The ESI language is based on a small set of XML tags and is used in many popular HTTP surrogate solutions to tackle performance issues by enabling heavy caching of Web content. ESI tags are used to instruct a reverse-proxy (or a caching server) to fetch more information about a web page for which a template is already cached. If an attacker can successfully reflect ESI tags in the HTTP response, then the surrogate will blindly parse and evaluate them, believing they are legitimate tags that are served from the upstream server.
Remediation
Apply context-dependent encoding and/or validation to user input rendered on a page. Mitigation techniques against XSS recommended for the language or framework you are using will often be enough to protect against ESI injections.
References
Related Vulnerabilities
WordPress Plugin Meks Flexible Shortcodes Cross-Site Scripting (1.3.4)
WordPress Plugin Contact Form 7-Clockwork SMS Cross-Site Scripting (2.3.0)
WordPress Plugin Data Tables Generator by Supsystic Cross-Site Scripting (1.10.19)
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.2.12)