This is a vulnerability which features in OWASP top 10 vulnerabilites. It stands for XML External Entities. XML is eXtensible Markup Language which is widely used in web applications. This attack takes place when the attacker puts XML parser to parse the input to an unauthorized external entity where external entity refers to a different location other than the intended location and thus allowing attacker to directly get data from that location.