
XXE

XML External Entity Injection

Definition

XXE is a vulnerability in XML parsers that process external entity references, allowing attackers to read arbitrary files from the server, perform server-side request forgery (SSRF), or cause denial of service. It occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser.

Prevention requires disabling external entity processing and DTD processing in XML parser configurations.
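The following is an added example (not code from the original page) of what "disabling external entity processing and DTD processing" looks like in practice, using Python's standard-library `xml.sax` parser. The parser is configured to refuse external general and parameter entities, and a lexical handler rejects the document as soon as a `DOCTYPE` appears, so neither an external entity nor an internal entity bomb ever gets declared. The function name `parse_untrusted_xml`, the `DTDForbidden` exception and the sample documents are assumptions constructed for this example.

```python
"""Hardened XML parsing: reject DTDs and external entities before they are processed.

Added example; function and class names are assumptions, not a library API.
"""
import io
import xml.sax
from xml.sax import handler
from xml.sax.handler import ContentHandler


class DTDForbidden(ValueError):
    """Raised when the input carries a DOCTYPE/DTD, which untrusted XML never needs."""


class _RejectDTD:
    """Lexical handler. expat reports the start of a DOCTYPE here, before any entity
    in the internal subset is declared or expanded, so raising stops the parse early."""

    def startDTD(self, name, public_id, system_id):
        raise DTDForbidden(f"DTD not allowed (root element {name!r})")

    # Remaining lexical-handler callbacks are no-ops.
    def endDTD(self):
        pass

    def startCDATA(self):
        pass

    def endCDATA(self):
        pass

    def comment(self, content):
        pass


class _RejectExternalEntities:
    """Entity resolver used only if external-entity loading were enabled. The default
    resolver returns the system id, which the parser then opens (file:// or http://);
    this one refuses instead, as a second line of defence behind the feature flags."""

    def resolveEntity(self, public_id, system_id):
        raise DTDForbidden(f"external entity {system_id!r} refused")


class _Collector(ContentHandler):
    """Minimal content handler that gathers character data so the caller sees a result."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)


def parse_untrusted_xml(data: bytes) -> str:
    """Parse XML from an untrusted source; returns the concatenated text content.

    Raises DTDForbidden for any document that declares a DTD (and therefore for any
    document that could declare an external entity).
    """
    parser = xml.sax.make_parser()
    # Weak setting would be feature_external_ges=True: the parser would then fetch
    # SYSTEM identifiers such as file:///etc/passwd through the entity resolver.
    parser.setFeature(handler.feature_external_ges, False)  # no external general entities
    parser.setFeature(handler.feature_external_pes, False)  # no external parameter entities
    parser.setProperty(handler.property_lexical_handler, _RejectDTD())  # no DTD at all
    parser.setEntityResolver(_RejectExternalEntities())
    collector = _Collector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(data))
    return "".join(collector.parts)


# Constructed sample inputs for demonstration.
BENIGN = b"<greeting>hello</greeting>"
XXE_STYLE = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE x [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
    b"<x>&xxe;</x>"
)

if __name__ == "__main__":
    print(parse_untrusted_xml(BENIGN))  # hello
    try:
        parse_untrusted_xml(XXE_STYLE)
    except DTDForbidden as exc:
        print("rejected:", exc)
```

Rejecting the DTD outright is the simplest policy and matches what most application XML never needs; if a schema-driven feed legitimately requires a DTD, keep the two feature flags off and the refusing resolver in place, and validate the DTD content separately rather than re-enabling external entity loading.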
