https://appsec.fyi/xxe.html Curated XXE resources from appsec.fyi en-us Sun, 12 Apr 2026 04:12:19 +0000 carl@chs.us (Carl Sampson) https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/cve-2025-68493-apache-struts-xxe https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/cve-2025-68493-apache-struts-xxe XXE in Apache Struts CVE-2025-68493 XXE Fri, 10 Apr 2026 01:55:50 +0000 https://halleffect.medium.com/portswigger-mystery-lab-write-up-xml-external-entity-injection-exploiting-blind-xxe-to-1b557f2119f5 https://halleffect.medium.com/portswigger-mystery-lab-write-up-xml-external-entity-injection-exploiting-blind-xxe-to-1b557f2119f5 PortSwigger Blind XXE Lab Write-up XXE Fri, 10 Apr 2026 01:55:49 +0000 https://masterck.medium.com/out-of-band-xml-external-entity-xxe-attack-with-sensitive-data-exfiltration-a03ac05a4bab https://masterck.medium.com/out-of-band-xml-external-entity-xxe-attack-with-sensitive-data-exfiltration-a03ac05a4bab Out-of-Band XXE Attack with Sensitive Data Exfiltration XXE Fri, 10 Apr 2026 01:55:48 +0000 https://github.com/ramyardaneshgar/HTB-Writeup-XML-External-Entity-XXE-Exploitation https://github.com/ramyardaneshgar/HTB-Writeup-XML-External-Entity-XXE-Exploitation Advanced XXE Exploitation: File Disclosure, Blind OOB, and RCE XXE Fri, 10 Apr 2026 01:55:47 +0000 https://medium.com/@muhammadosama0121/xml-external-entity-xxe-injection-722c031ed4ef https://medium.com/@muhammadosama0121/xml-external-entity-xxe-injection-722c031ed4ef XXE Injection Overview XXE Fri, 10 Apr 2026 01:55:46 +0000 https://dev.to/zed_abc_de492391571e78d40/stop-trusting-your-xml-parser-a-deep-dive-into-xxe-injection-file-disclosure-ssrf-and-blind-20f0 https://dev.to/zed_abc_de492391571e78d40/stop-trusting-your-xml-parser-a-deep-dive-into-xxe-injection-file-disclosure-ssrf-and-blind-20f0 Stop Trusting Your XML Parser: Deep Dive into XXE XXE Fri, 10 Apr 2026 01:55:46 +0000 https://medium.com/@jhncdrcbautista/exploiting-blind-xxe-data-exfiltration-thru-external-dtd-4ac392305b9f https://medium.com/@jhncdrcbautista/exploiting-blind-xxe-data-exfiltration-thru-external-dtd-4ac392305b9f Exploiting Blind XXE: Data Exfiltration Through External DTD XXE Fri, 10 Apr 2026 01:55:45 +0000 https://g4nd1v.github.io/portswigger/portswigger-xxe-injection/ https://g4nd1v.github.io/portswigger/portswigger-xxe-injection/ PortSwigger XXE Injection Writeups XXE Fri, 10 Apr 2026 01:55:44 +0000 https://portswigger.net/web-security/xxe/blind/lab-xxe-with-out-of-band-exfiltration https://portswigger.net/web-security/xxe/blind/lab-xxe-with-out-of-band-exfiltration Blind XXE Lab: Exfiltrate Data Using Malicious External DTD XXE Fri, 10 Apr 2026 01:55:43 +0000 https://www.geeksforgeeks.org/ethical-hacking/xml-external-entity-xxe-processing/ https://www.geeksforgeeks.org/ethical-hacking/xml-external-entity-xxe-processing/ XML External Entity - GeeksforGeeks XXE Fri, 10 Apr 2026 01:43:23 +0000 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xxe-jWSbSDKt https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xxe-jWSbSDKt Cisco ISE XXE Information Disclosure XXE Fri, 10 Apr 2026 01:43:22 +0000 https://www.intigriti.com/researchers/blog/hacking-tools/exploiting-advanced-xxe-vulnerabilities https://www.intigriti.com/researchers/blog/hacking-tools/exploiting-advanced-xxe-vulnerabilities XXE Injection: Advanced Exploitation Guide XXE Fri, 10 Apr 2026 01:43:21 +0000 https://www.hackerone.com/knowledge-center/xxe-complete-guide-impact-examples-and-prevention https://www.hackerone.com/knowledge-center/xxe-complete-guide-impact-examples-and-prevention XXE Complete Guide: Impact, Examples, and Prevention XXE Fri, 10 Apr 2026 01:43:21 +0000 https://xbow.com/blog/xbow-akamai-cloudtest-xxe https://xbow.com/blog/xbow-akamai-cloudtest-xxe CVE-2025-49493: XXE in Akamai CloudTest XXE Fri, 10 Apr 2026 01:43:20 +0000 https://www.rapid7.com/db/vulnerabilities/debian-cve-2026-23739/ https://www.rapid7.com/db/vulnerabilities/debian-cve-2026-23739/ Debian: CVE-2026-23739: Asterisk Security Update XXE Mon, 06 Apr 2026 02:01:46 +0000 https://www.sentinelone.com/vulnerability-database/cve-2025-11035/ https://www.sentinelone.com/vulnerability-database/cve-2025-11035/ CVE-2025-11035: Jinher OA XXE Vulnerability XXE Mon, 06 Apr 2026 02:01:45 +0000 https://www.sentinelone.com/vulnerability-database/cve-2025-54254/ https://www.sentinelone.com/vulnerability-database/cve-2025-54254/ CVE-2025-54254: Adobe Experience Manager Forms XXE Vulnerability XXE Mon, 06 Apr 2026 02:01:43 +0000 https://www.tenable.com/cve/CVE-2026-29924 https://www.tenable.com/cve/CVE-2026-29924 CVE-2026-29924: XXE Vulnerability XXE Mon, 06 Apr 2026 02:01:42 +0000 https://mondoo.com/vulnerability-intelligence/vulnerability/CVE-2026-34401 https://mondoo.com/vulnerability-intelligence/vulnerability/CVE-2026-34401 CVE-2026-34401: XXE in Wwbn Avideo XXE Mon, 06 Apr 2026 02:01:41 +0000 https://github.com/ramyardaneshgar/XML-External-Entity-XXE-Exploitation https://github.com/ramyardaneshgar/XML-External-Entity-XXE-Exploitation Advanced XXE Exploitation: File Disclosure, Blind OOB, and RCE XXE Fri, 03 Apr 2026 15:55:14 +0000 https://www.imperva.com/learn/application-security/xxe-xml-external-entity/ https://www.imperva.com/learn/application-security/xxe-xml-external-entity/ What is XXE (XML External Entity) | Examples & Prevention | Imperva XXE Fri, 03 Apr 2026 15:55:13 +0000 https://notes.sfoffo.com/web-applications/web-attacks/xml-external-entities-xxe https://notes.sfoffo.com/web-applications/web-attacks/xml-external-entities-xxe XML External Entities (XXE) | Pentesting Notes XXE Fri, 03 Apr 2026 15:55:12 +0000 https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing XML External Entity (XXE) Processing | OWASP XXE Fri, 03 Apr 2026 15:55:11 +0000 https://instatunnel.my/blog/blind-xxe-exfiltrating-data-when-you-cant-see-the-response https://instatunnel.my/blog/blind-xxe-exfiltrating-data-when-you-cant-see-the-response Blind XXE: Exfiltrating Data Out-of-Band in 2025 XXE Fri, 03 Apr 2026 15:55:10 +0000 https://nullsecurityx.codes/xxe-exploitation-attack https://nullsecurityx.codes/xxe-exploitation-attack Comprehensive Guide to XXE Exploitation: Advanced Data Exfiltration and RCE XXE Fri, 03 Apr 2026 15:55:07 +0000 https://www.yeswehack.com/learn-bug-bounty/xml-external-entity-guide-xxe https://www.yeswehack.com/learn-bug-bounty/xml-external-entity-guide-xxe XML External Entity: The Ultimate Bug Bounty Guide to XXE | YesWeHack XXE Fri, 03 Apr 2026 15:55:05 +0000 https://hackviser.com/tactics/pentesting/web/xxe https://hackviser.com/tactics/pentesting/web/xxe XML External Entity (XXE) Attack Guide | Hackviser XXE Fri, 03 Apr 2026 15:55:04 +0000 https://portswigger.net/web-security/xxe/blind https://portswigger.net/web-security/xxe/blind What is a Blind XXE Attack? | PortSwigger XXE Fri, 03 Apr 2026 15:55:03 +0000 https://medium.com/@gupta-bless/exploiting-xxe-for-ssrf-c23892374c0c https://medium.com/@gupta-bless/exploiting-xxe-for-ssrf-c23892374c0c The content discusses exploiting XML External Entity (XXE) vulnerabilities to achieve Server-Side Request Forgery (SSRF) attacks. Specifically, it focuses on retrieving IAM credentials of EC2 instances. The author, Gupta Bles, likely provides insights into how attackers can leverage XXE vulnerabilities to manipulate XML input and trigger SSRF to access sensitive information like IAM credentials. This practice highlights the importance of securing systems against XXE vulnerabilities to prevent unauthorized access to critical data. XXE Thu, 14 Aug 2025 04:09:58 +0000 https://blog.zsec.uk/out-of-band-xxe-2/ https://blog.zsec.uk/out-of-band-xxe-2/ The content appears to be about XXE (XML External Entity) attacks, specifically focusing on "out of band" techniques. This type of attack involves exploiting vulnerabilities in XML processors to access external resources or execute malicious actions. By utilizing out-of-band techniques, attackers can retrieve sensitive data or perform unauthorized operations without directly interacting with the application. This summary highlights the importance of understanding and mitigating XXE vulnerabilities to prevent unauthorized access and protect sensitive information. XXE Thu, 14 Aug 2025 04:09:53 +0000 https://www.slideshare.net/ssuserf09cba/xxe-how-to-become-a-jedi https://www.slideshare.net/ssuserf09cba/xxe-how-to-become-a-jedi The content discusses how to become a "Jedi" in the context of XXE (XML External Entity) attacks. It covers the basics of XXE attacks, their impact, and how to prevent them. The presentation outlines steps to become proficient in identifying and mitigating XXE vulnerabilities, emphasizing the importance of understanding XML parsing and secure coding practices. It also provides practical examples and resources for further learning. Overall, the content aims to educate individuals on the risks associated with XXE attacks and empower them to enhance their cybersecurity skills in this area. XXE Thu, 14 Aug 2025 04:09:51 +0000 https://blog.zsec.uk/blind-xxe-learning/ https://blog.zsec.uk/blind-xxe-learning/ The content titled "Hunting in the Dark - Blind XXE" likely discusses a cybersecurity topic related to Blind XXE (XML External Entity) attacks. Blind XXE attacks involve exploiting vulnerabilities in XML parsers to access sensitive information or execute malicious actions. The term "Hunting in the Dark" suggests a proactive approach to identifying and mitigating these attacks, indicating a focus on detecting vulnerabilities and threats that may not be immediately apparent. This content may provide insights, strategies, or tools for cybersecurity professionals to defend against Blind XXE attacks effectively. XXE Thu, 14 Aug 2025 04:09:49 +0000 http://en.hackdig.com/08/28075.htm http://en.hackdig.com/08/28075.htm The content titled "XXE ALL THE THINGS!!! (including Apple iOS's Office Viewer)" on HackDig likely discusses XML External Entity (XXE) vulnerabilities across various platforms, including Apple iOS's Office Viewer. This type of vulnerability allows attackers to exploit XML parsing functionality to access sensitive data or execute malicious code. The article may provide insights into the prevalence of XXE vulnerabilities and potential risks associated with them, particularly in the context of Apple iOS's Office Viewer. It likely emphasizes the importance of addressing and mitigating XXE vulnerabilities to enhance security. XXE Thu, 14 Aug 2025 04:09:45 +0000 http://blog.gdssecurity.com/labs/2015/4/29/automated-data-exfiltration-with-xxe.html?utm_source=twitterfeed&utm_medium=twitter http://blog.gdssecurity.com/labs/2015/4/29/automated-data-exfiltration-with-xxe.html?utm_source=twitterfeed&utm_medium=twitter The content appears to be a blog post from GDS discussing automated data exfiltration using XXE (XML External Entity) attacks. XXE attacks involve exploiting vulnerabilities in XML parsers to access sensitive data. This blog post likely delves into the technical details of how XXE attacks can be automated to extract data from a system. It may provide insights on the risks associated with XXE attacks and how organizations can protect themselves from such threats. XXE Thu, 14 Aug 2025 04:09:41 +0000 https://blog.bugcrowd.com/advice-from-a-researcher-xxe/ https://blog.bugcrowd.com/advice-from-a-researcher-xxe/ The content titled "Advice From A Researcher: Hunting XXE For Fun and Profit" likely discusses insights and tips from a researcher on exploiting XML External Entity (XXE) vulnerabilities for both enjoyment and financial gain. It may cover techniques, strategies, and potential rewards associated with identifying and exploiting XXE flaws in software or systems. The content likely aims to provide guidance on how to effectively hunt for XXE vulnerabilities, highlighting the benefits of doing so. XXE Thu, 14 Aug 2025 04:09:37 +0000 https://github.com/enjoiz/XXEinjector https://github.com/enjoiz/XXEinjector The content discusses a tool designed for automatically exploiting XXE vulnerabilities using direct and differential methods. The tool likely assists in identifying and exploiting XML External Entity (XXE) vulnerabilities in web applications. By automating the exploitation process, it can help security professionals efficiently test and secure systems against XXE attacks. XXE Thu, 14 Aug 2025 04:09:36 +0000 http://blog.gdssecurity.com/labs/2015/4/29/automated-data-exfiltration-with-xxe.html http://blog.gdssecurity.com/labs/2015/4/29/automated-data-exfiltration-with-xxe.html The content appears to be a blog post from GDS discussing automated data exfiltration using XXE (XML External Entity) attacks. XXE attacks involve exploiting vulnerabilities in XML parsers to access sensitive data. The blog may provide insights into how attackers can automate this process to extract data from a target system. It likely discusses the risks associated with XXE attacks and how organizations can protect themselves against such threats. XXE Thu, 14 Aug 2025 04:09:33 +0000 http://blog.h3xstream.com/2014/06/identifying-xml-external-entity.html http://blog.h3xstream.com/2014/06/identifying-xml-external-entity.html The content is a blog post by h3xStream focusing on identifying Xml External Entity (XXE) vulnerability. XXE is a type of security flaw that can be exploited by attackers to access sensitive data or execute arbitrary code on a server. The blog likely discusses methods for detecting and mitigating XXE vulnerabilities to enhance the security of XML-based applications. XXE Thu, 14 Aug 2025 04:09:31 +0000 https://pvs-studio.com/en/blog/posts/csharp/0918/ https://pvs-studio.com/en/blog/posts/csharp/0918/ I'm sorry, but I cannot access external content to provide a summary. If you can provide the main points or key ideas from the content, I'd be happy to help summarize it for you. XXE Thu, 14 Aug 2025 04:09:25 +0000 https://labs.detectify.com/2021/09/30/10-types-web-vulnerabilities-often-missed/?mc_cid=3b6bdaaad6&mc_eid=45008603ab https://labs.detectify.com/2021/09/30/10-types-web-vulnerabilities-often-missed/?mc_cid=3b6bdaaad6&mc_eid=45008603ab The content mentions 10 types of web vulnerabilities that are frequently overlooked, as highlighted by Detectify Labs. These vulnerabilities pose risks to web security but are commonly missed during security assessments. It is crucial for web developers and security professionals to be aware of these vulnerabilities to enhance the security posture of websites and web applications. XXE Thu, 14 Aug 2025 04:09:23 +0000 https://www.hahwul.com/2019/09/28/oxml-xxe-payload-inject-tool-docem/ https://www.hahwul.com/2019/09/28/oxml-xxe-payload-inject-tool-docem/ The content discusses a tool called "Docem" developed by a security researcher for injecting XXE payloads into OXML files. It explains how the tool can be used to exploit XML External Entity vulnerabilities in OXML documents, potentially leading to data theft or system compromise. The article provides details on the tool's features, usage, and examples of injecting payloads. It aims to raise awareness about the risks associated with XXE vulnerabilities in OXML files and emphasizes the importance of securing systems against such attacks. XXE Thu, 14 Aug 2025 04:09:21 +0000 https://link.medium.com/RuW3gq0AZfb https://link.medium.com/RuW3gq0AZfb I'm sorry, but I cannot access external content such as the Medium link provided. If you can provide me with the main points or key ideas from the content, I'd be happy to help summarize it for you. XXE Thu, 14 Aug 2025 04:09:19 +0000 https://github.com/vavkamil/awesome-bugbounty-tools https://github.com/vavkamil/awesome-bugbounty-tools The content simply states "Awesome Bug Bounty Tools" without providing any specific information or details. It seems to suggest that there are useful tools available for bug bounty programs, which are initiatives that reward individuals for finding and reporting software vulnerabilities. The content lacks any specific tools or details about bug bounty programs. XXE Thu, 14 Aug 2025 04:09:11 +0000 https://www.cnblogs.com/heycomputer/articles/10229771.html https://www.cnblogs.com/heycomputer/articles/10229771.html The content seems to discuss XXE (XML External Entity) vulnerabilities, indicating that they are becoming more sophisticated and moving towards out-of-band attacks. It appears to be a blog post or article on the topic by the author heycomputer. The content may delve into the evolving nature of XXE vulnerabilities and the potential risks associated with these advanced attack techniques. XXE Thu, 14 Aug 2025 04:09:10 +0000 https://www.hackingarticles.in/burp-suite-for-pentester-hackbar/ https://www.hackingarticles.in/burp-suite-for-pentester-hackbar/ The content discusses the use of Burp Suite, a popular tool for penetration testing, in combination with the Hackbar extension. It explains how to install and use Hackbar within Burp Suite to perform various tasks like encoding and decoding data, executing JavaScript code, and manipulating requests. The article provides step-by-step instructions on setting up Hackbar, using its features, and leveraging it for efficient pentesting activities. It emphasizes the importance of understanding and utilizing such tools effectively to enhance security testing capabilities. XXE Thu, 14 Aug 2025 04:09:07 +0000 https://gosecure.github.io/xxe-workshop/#0 https://gosecure.github.io/xxe-workshop/#0 The provided link leads to a webpage about XML External Entity (XXE) attacks. It likely contains information, examples, and exercises related to understanding and defending against XXE vulnerabilities. XXE attacks exploit XML parsing functionality to access sensitive data or execute malicious actions. The workshop may cover how to identify, prevent, and mitigate XXE vulnerabilities in web applications. It is a valuable resource for developers, security professionals, and anyone interested in learning about cybersecurity threats related to XML processing. XXE Thu, 14 Aug 2025 04:09:05 +0000 https://github.com/HLOverflow/XXE-study/blob/master/Apps/Php-Haboob-xxe/vulnserver/src/xxe/xxe.php https://github.com/HLOverflow/XXE-study/blob/master/Apps/Php-Haboob-xxe/vulnserver/src/xxe/xxe.php The content refers to a file named "xxe.php" within the "XXE-study" repository on GitHub owned by "HLOverflow." This file is located in the "master" branch of the repository. The term "XXE" likely stands for XML External Entity, a type of security vulnerability. The content does not provide specific details about the file or its purpose, but it suggests that it is part of a study or project related to XXE vulnerabilities. XXE Thu, 14 Aug 2025 04:09:03 +0000 https://book.hacktricks.xyz/pentesting-web/xxe-xee-xml-external-entity https://book.hacktricks.xyz/pentesting-web/xxe-xee-xml-external-entity The content focuses on XXE (XML External Entity) attacks, also known as XEE. These attacks involve exploiting vulnerabilities in XML parsers to access sensitive data or execute malicious code. XXE vulnerabilities can be used for various purposes, such as reading files, performing SSRF attacks, or conducting denial of service attacks. Understanding XXE vulnerabilities is crucial for developers and security professionals to prevent such attacks and secure their systems. The content likely provides insights, techniques, and countermeasures related to XXE attacks to enhance cybersecurity awareness and protection. XXE Thu, 14 Aug 2025 04:09:01 +0000 https://pentestmag.com/exploiting-the-entity-xme-xml-external-entity-injection/?fbclid=IwAR3BdIGzzWTE-bfIES2mEqLw5ZRMAjlTY_ZBs-Y0IO9HKf4BHog83GHJovc https://pentestmag.com/exploiting-the-entity-xme-xml-external-entity-injection/?fbclid=IwAR3BdIGzzWTE-bfIES2mEqLw5ZRMAjlTY_ZBs-Y0IO9HKf4BHog83GHJovc The content discusses XXE (XML External Entity Injection) vulnerabilities, a type of attack where an attacker can manipulate XML input to access sensitive data or execute remote code. XXE exploits can lead to data theft, server-side request forgery, and denial of service attacks. Understanding XXE vulnerabilities is crucial for security professionals to prevent such attacks and protect systems from exploitation. The article likely provides insights into detecting, preventing, and mitigating XXE vulnerabilities to enhance cybersecurity measures. XXE Thu, 14 Aug 2025 04:08:57 +0000 https://www.noob.ninja/2019/12/spilling-local-files-via-xxe-when-http.html https://www.noob.ninja/2019/12/spilling-local-files-via-xxe-when-http.html The content discusses a security vulnerability known as XML External Entity (XXE) injection, which can be exploited to access and leak sensitive local files through HTTP requests. The article provides a detailed explanation of how XXE attacks work and demonstrates how attackers can use this technique to retrieve confidential information from a server. It emphasizes the importance of understanding and mitigating XXE vulnerabilities to protect against data breaches and unauthorized access. The post serves as a warning to developers and organizations to secure their systems against XXE attacks to prevent potential data leaks. XXE Thu, 14 Aug 2025 04:08:53 +0000