A4 - XML External Entities (XXE)

XML External Entity (XXE) injection occurs when an XML parser allows external XML entities to be processed. These external entities can reference files on the local file system or even shared drives. Successful exploitation of XXE can result in the ability to read arbitrary files on the remote server, mapping of internal networks, and in some cases remote code execution.
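The mitigation is to stop the parser from accepting DTDs and entity declarations at all. The following is an added example, not code from this page or from any project it describes: it uses only the Python standard library, and the names `safe_parse`, `classify` and `ForbiddenXML` as well as the sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """The document uses a DTD feature that makes XXE possible."""


def _reject(reason):
    def handler(*_args):
        raise ForbiddenXML(reason)
    return handler


def safe_parse(xml_bytes):
    """Return the root element, refusing any DOCTYPE or entity declaration."""
    checker = expat.ParserCreate()
    # An exception raised inside an expat handler aborts Parse() and propagates.
    checker.StartDoctypeDeclHandler = _reject("DOCTYPE declaration not allowed")
    checker.EntityDeclHandler = _reject("entity declaration not allowed")
    checker.ExternalEntityRefHandler = _reject("external entity not allowed")
    checker.Parse(xml_bytes, True)      # first pass: policy check only
    return ET.fromstring(xml_bytes)     # second pass: build the tree


def classify(xml_bytes):
    """Return 'accepted', 'rejected: <reason>' or 'malformed' for a document."""
    try:
        safe_parse(xml_bytes)
    except ForbiddenXML as exc:
        return f"rejected: {exc}"
    except (expat.ExpatError, ET.ParseError):
        return "malformed"
    return "accepted"


# Constructed sample documents (the file path is a placeholder).
BENIGN = b"<order><item>widget</item></order>"
EXTERNAL_ENTITY = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE order [<!ENTITY ext SYSTEM "file:///path/to/local/file">]>'
    b"<order><item>&ext;</item></order>"
)
UNDECLARED_ENTITY = b"<order><item>&ext;</item></order>"

if __name__ == "__main__":
    for name, doc in [("benign", BENIGN), ("external entity", EXTERNAL_ENTITY),
                      ("undeclared entity", UNDECLARED_ENTITY)]:
        print(f"{name}: {classify(doc)}")
```

Rejecting the DOCTYPE outright is stricter than disabling external entity resolution alone, and it also blocks internal entity expansion; applications that legitimately need DTDs require a narrower policy.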
