(also XXE, XML external entity injection, XML external entity attack, XXE attack)
XML external entity (or XXE) is a cyberattack during which an attacker interferes with the processing of XML data within the web app. The attack occurs when untrusted XML input containing a reference to an external entity is processed by a weakly configured XML parser (reader).