By Fernando Arnaboldi
XML eXternal Entity (XXE) attacks are a common threat to applications using XML
schemas, either actively or unknowingly. That is because we continue to use XML
schemas that can be abused in multiple ways. Programming languages and
libraries use XML schemas to define the expected contents of XML documents,
SAML authentication or SOAP messages. XML schemas were intended to constrain
document definitions, yet they have introduced multiple attack avenues.