XML injection includes XXE (XML External Entity) attacks: XML that references external entities so that the parser reads local files, makes server-side requests (SSRF), or causes denial of service through entity expansion (the "billion laughs" attack).
XXE is in the OWASP Top 10. Prevention: disable external entity processing in XML parsers. Most XML parsers enable XXE by default, so it must be disabled explicitly. XXE can read /etc/passwd, cloud metadata endpoints, and other internal files.
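As an added example (not from the original note), the hardening below uses Python's standard-library expat parser and rejects any DOCTYPE outright, which closes both external-entity resolution and entity-expansion DoS, since both require a DTD; the entity and external-reference handlers are a second layer in case a DTD is ever permitted. The XML samples are constructed test inputs, and the "file:///example/placeholder" URI is a placeholder, not a real target.

```python
import xml.parsers.expat
from typing import List, Tuple


class UnsafeXMLError(ValueError):
    """Raised when untrusted XML contains DTD constructs used by XXE or entity-expansion attacks."""


def parse_untrusted_xml(data: bytes) -> List[Tuple[str, str]]:
    """Parse XML from an untrusted source, refusing any DOCTYPE, entity declaration
    or external entity reference. Returns (element_name, text) pairs in end-tag order."""
    parser = xml.parsers.expat.ParserCreate()
    elements: List[Tuple[str, str]] = []
    stack: List[Tuple[str, List[str]]] = []

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        # Both XXE and billion-laughs need a DTD, so rejecting the DOCTYPE stops both
        # before any entity is even declared.
        raise UnsafeXMLError("DOCTYPE %r is not allowed in untrusted input" % name)

    def reject_entity(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeXMLError("entity declaration %r is not allowed" % name)

    def reject_external(context, base, sysid, pubid):
        # Never fetch files or URLs on the attacker's behalf; expat would otherwise
        # hand this to us to resolve.
        raise UnsafeXMLError("external entity %r was not resolved" % sysid)

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity
    parser.ExternalEntityRefHandler = reject_external

    parser.StartElementHandler = lambda name, attrs: stack.append((name, []))
    parser.CharacterDataHandler = lambda text: stack[-1][1].append(text) if stack else None

    def end_element(name):
        elem_name, parts = stack.pop()
        elements.append((elem_name, "".join(parts).strip()))

    parser.EndElementHandler = end_element
    parser.Parse(data, True)  # exceptions raised in handlers propagate out of Parse()
    return elements


def is_rejected(data: bytes) -> bool:
    """True when the document was refused for containing DTD constructs."""
    try:
        parse_untrusted_xml(data)
    except UnsafeXMLError:
        return True
    return False


# Constructed samples: a benign order document and one carrying a DTD with an external entity.
BENIGN_XML = b"<order><id>42</id><note>hello</note></order>"
DTD_XML = (b'<?xml version="1.0"?>'
           b'<!DOCTYPE order [<!ENTITY ext SYSTEM "file:///example/placeholder">]>'
           b"<order><id>&ext;</id></order>")
```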