Skip to content
← Back to Glossary
Injection

XML External Entity (XXE)

Exploiting XML parsers to read internal files or perform SSRF.

XXE attacks exploit XML parsers that process external entities. Attackers can read server files, perform SSRF to internal services, or cause denial of service (Billion Laughs attack). Disable external entity processing in XML parsers.

Related Terms

See if your app is vulnerable

Vezraa checks for related security issues. Scan in 25 seconds.

XML External Entity (XXE) — Security Glossary | Vezraa