An XML bomb is a small but dangerous message that is composed and sent with the intent of overwhelming the program that parses XML files. When the XML parser tries to process an XML bomb, the data feeds on itself and grows exponentially. This can shut down a Web site or ISP (Internet service provider) and is one of many methods used by hackers to carry out denial-of-service attacks.
XML, a formal recommendation from the W3C (World Wide Web Consortium), is similar to the language of today's Web pages, HTML (Hypertext Markup Language). An XML file can be displayed like an HTML file or processed as data by a program. An XML bomb takes advantage of the latter of these features to cause a "data explosion," hence the expression "bomb."