XML External Entity attacks are a lesser-known threat, learn how to protect your PHP application. Published 2012-08-27 # There's an injection attack that's been around for a while now that's slipped under the radar for a lot of web application developers. Unfortunately, it can be one that could cause some serious information disclosure (or exploits) if it's not taken care of. XXE (an XML eXternal