What is XML External Entity Injection (XXE)?
XML External Entity Injection (XXE) is a web security vulnerability that allows attackers to interfere with an application’s processing of XML data. Attackers exploit these vulnerabilities to view files on the application server file system, and to interact with any systems that the application can access.