Tag: xxe

All the articles with the tag "xxe".

• XML External Entity Injection: Exploiting a Legacy Supplier Import Endpoint

  kOaDT

  18 Feb, 2026

  Exploiting an insecure XML parser in the supplier order import feature to read arbitrary server-side files and retrieve a flag.