Blog | G5 Cyber Security

XML External Entity Prevention

XML eXternal Entity injection (XXE) is a type of attack against an application that parses XML input. The XXE issue is referenced under the ID 611 in the Common Weakness Enumeration referential. This attack occurs when untrusted XML input containing a reference to an external entity is processed by a weakly configured XML parser. The safest way to prevent XXE is always to disable DTDs (External Entities) completely. Java applications using XML libraries are particularly vulnerable to XXE because the default settings for most Java XML parsers are to have XXE enabled.

Source: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html
