olemus
liik veebirakenduse ründeid, mis kasutab ära XML parseri konfiguratsiooni nõrkusi ja paigutab sobiva välisolemiviite
XML-lähteandmetesse
= attack against web application whose XML input containing a reference to an external entity is processed by a weakly configured XML parser

ülevaateid
https://en.wikipedia.org/wiki/XML_external_entity_attack
https://www.owasp.org/index.php/Top_10-2017_A4-XML_External_Entities_(XXE)
https://www.linkedin.com/pulse/xxe-attack-basics-nick-frichette
https://www.sans.org/reading-room/whitepapers/application/hands-on-xml-external-entity-vulnerability-training-module-34397
http://www.cs.tufts.edu/comp/116/archive/fall2015/rhogue.pdf

tõrje
https://www.neuralegion.com/blog/xml-external-entity-xxe-injection/
https://wiki.sei.cmu.edu/confluence/display/java/IDS17-J.+Prevent+XML+External+Entity+Attacks
https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html