XML eXternal Entity injection (XXE), which is now part of the OWASP Top 10 via the point A4, is a type of attack against an application that parses XML input. XXE issue is referenced under the ID 611 ...
Disable DOCTYPE Disable external entities Disable external DTD loading Enable secure processing mode Disable XInclude Limit entity expansion Do not use legacy XML parsers Never parse untrusted XML ...