XXE (eXternal XML Entities) and SSRF (Server-Side Request Forgery)

From Andrew Novocin