rspec/rules/S6373/description.adoc
2022-07-08 13:58:56 +02:00


The XML standard allows XML files to be included in a document with the https://www.w3.org/TR/xinclude-11/[xinclude] element.
XML processors replace an xinclude element with the content of the file located at the URI defined in the href attribute, potentially from external storage such as the file system or the network. If no restrictions are put in place, this may lead to arbitrary file disclosure or https://owasp.org/www-community/attacks/Server_Side_Request_Forgery[server-side request forgery (SSRF)] vulnerabilities.
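
The following is an added example, not part of the original rule text: one way to put such restrictions in place with Python's standard `xml.etree.ElementInclude`, by supplying a loader that only resolves `href` values inside an allowed directory. The helper names (`make_restricted_loader`, `parse_with_xinclude`, `demo`) and the sample documents are constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET
from xml.etree import ElementInclude

XI_NS = "http://www.w3.org/2001/XInclude"


def make_restricted_loader(base_dir):
    """Return an ElementInclude loader that only reads files under base_dir."""
    base = os.path.realpath(base_dir)
    def loader(href, parse, encoding=None):
        # Reject anything with a URI scheme (http:, file:, ftp:, ...).
        if "://" in href or href.lower().startswith("file:"):
            raise ValueError(f"XInclude href not allowed: {href!r}")
        # Resolve symlinks and ".." before comparing against the base directory.
        target = os.path.realpath(os.path.join(base, href))
        if os.path.commonpath([base, target]) != base:
            raise ValueError(f"XInclude href escapes base directory: {href!r}")
        if parse == "xml":
            return ET.parse(target).getroot()
        with open(target, encoding=encoding or "utf-8") as fh:
            return fh.read()

    return loader


def parse_with_xinclude(xml_text, base_dir):
    """Parse xml_text and expand xi:include elements using the restricted loader."""
    root = ET.fromstring(xml_text)
    ElementInclude.include(root, loader=make_restricted_loader(base_dir))
    return root


def demo():
    results = {}
    with tempfile.TemporaryDirectory() as base:
        with open(os.path.join(base, "part.xml"), "w", encoding="utf-8") as fh:
            fh.write("<part>ok</part>")
        # Constructed sample document; href and parse are filled in per case.
        doc = '<doc xmlns:xi="%s"><xi:include href="%s" parse="%s"/></doc>'
        good = parse_with_xinclude(doc % (XI_NS, "part.xml", "xml"), base)
        results["allowed"] = good.find("part").text
        cases = (("file", "/etc/passwd"), ("network", "http://192.0.2.1/meta"))
        for name, href in cases:
            try:
                parse_with_xinclude(doc % (XI_NS, href, "text"), base)
                results[name] = "included"
            except ValueError:
                results[name] = "blocked"
    return results
```

`xml.etree.ElementTree` does not expand `xi:include` elements on its own; expansion only happens when `ElementInclude.include` is called, so the loader passed there is the single place where the restriction has to hold.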