XML injection manipulates or compromises the logic of an XML application or service. The injection of unintended XML content and/or structures into an XML message can alter the intended logic of an application, and XML Injection can cause the insertion of malicious content into resulting messages/documents.
With a successful XML Injection attack, the attacker can steal the entire database, and can even log in as the administrator of the website. This means that all of the sensitive data stored in the XML database will be accessible to the hacker.
XML injection attack defenses should ensure user input is properly managed and sanitized before it is allowed to reach the main program code. The best approach is to consider all user input as unsafe and to properly monitor/sanitize this input.