Initial finding Disclaimer: This information was found during a pen-test on a client. For that reason, my explanations and examples will be very vague and contain no sensitive information relative to the target but it will be kept close to the actual finding. If you’re not sure what XXE is, please refer to OWASP’s wiki…