A computer attack based on insufficient validation of an incoming XML file. If the system is able to receive data in this format, a link to external objects or local resources of the target system can be inserted by an intruder into a document being transmitted. If content validation is weak, the payload is delivered to the target device and then used for malicious activity. In addition, an XXE attack can give access to confidential data stored on compromised devices.