An XML External Entity (XXE) attack is a type of computer security vulnerability typically found in Web applications. XXE enables attackers to disclose normally protected files from a server or connected network.
The XML standard includes the idea of an external general parsed entity (an external entity). During parsing of the XML document, the parser will expand these links and include the content of the URI in the returned XML document.
Example external entity attack:
References
XML external entity attack Wikipedia(Text) CC BY-SA