XML External Entities (XXE)
These attacks affect applications that process XML input using an XML parser that is not configured securely (often a default), allowing a hacker to possibly view files within the app server filesystem or to interact with back-end and other systems that the application can access internally. XXE attacks can sometimes be escalated to denial of service (DoS) attacks as well as other attacks on the back-end infrastructure.