Enumerate and exfiltrate files via out of band XXE, for situations where resolved entity is not displayed in the response, and directory listing is not available.
-
Updated
Apr 4, 2018 - JavaScript
#
xxe
Here are 4 public repositories matching this topic...
WordPress RCE - Authenticated XXE (CVE-2021-29447)
-
Updated
Oct 4, 2021 - JavaScript
A comprehensive guide to XML External Entity injection vulnerabilities. Learn how attackers exploit XXE, and how to defend your applications with secure XML parsing configurations.
-
Updated
Dec 21, 2025 - JavaScript
Improve this page
Add a description, image, and links to the xxe topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the xxe topic, visit your repo's landing page and select "manage topics."