Let's now look at another type of vulnerability that we may come across while performing a pentest. XML External Entity (XEE) attacks are a type of attack against an application that parses XML input poorly. These types of attacks can lead to local file disclosure such as password files. It can also be used to pivot to other internal systems in the network using RCE.