diff --git a/python/ql/src/experimental/semmle/python/frameworks/XML.qll b/python/ql/src/experimental/semmle/python/frameworks/XML.qll
index f44e42c2380..6c1228494d0 100644
--- a/python/ql/src/experimental/semmle/python/frameworks/XML.qll
+++ b/python/ql/src/experimental/semmle/python/frameworks/XML.qll
@@ -142,6 +142,8 @@ private module XML {
 exists(XMLParser xmlParser |
 xmlParser.mayBeDangerous() and this.getArgByName("parser").getALocalSource() = xmlParser
 )
+ or
+ not exists(this.getArgByName("parser"))
 }
 }
diff --git a/python/ql/src/experimental/semmle/python/security/XXE.qll b/python/ql/src/experimental/semmle/python/security/XXE.qll
index 2d4a1aca7f1..7998d4081db 100644
--- a/python/ql/src/experimental/semmle/python/security/XXE.qll
+++ b/python/ql/src/experimental/semmle/python/security/XXE.qll
@@ -19,17 +19,19 @@ class XXEFlowConfig extends TaintTracking::Configuration {
 override predicate isSink(DataFlow::Node sink) {
 exists(XMLParsing xmlParsing | xmlParsing.mayBeDangerous() and sink = xmlParsing.getAnInput())
+ or
+ exists(XMLParser xmlParser | sink = xmlParser.getAnInput() and xmlParser.mayBeDangerous())
 }
 override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
 guard instanceof StringConstCompare
 }
- override predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeIn) {
+ override predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
 exists(DataFlow::CallCfgNode ioCalls |
 ioCalls = API::moduleImport("io").getMember(["StringIO", "BytesIO"]).getACall() and
- nodeFrom = ioCalls and
- nodeIn = ioCalls.getArg(0)
+ nodeFrom = ioCalls.getArg(0) and
+ nodeTo = ioCalls
 )
 }
 }
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-611/general.py b/python/ql/test/experimental/query-tests/Security/CWE-611/general.py
index 2833e595b76..c9f8cc984bd 100644
--- a/python/ql/test/experimental/query-tests/Security/CWE-611/general.py
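Review bot: The added fallback `not exists(this.getArgByName("parser"))` in the XML.qll hunk marks every call that lacks a `parser=` keyword as dangerous, which over-approximates when the parser is passed positionally — lxml's `fromstring(text, parser)` takes it as the second positional argument, and if `getArgByName` matches keyword arguments only (its name suggests so; its definition is outside the hunk) a positional, hardened parser is neither matched by the first disjunct nor excluded by the new one. Consider resolving the parser argument by position as well as by name before applying the no-parser fallback, and add a comment such as `// no explicit parser: assume the library default, which resolves entities` so the assumption is visible. That assumption holds for lxml's default parser but not necessarily for every `XMLParsing` subclass (the stdlib `xml.etree` expat parser does not expand external entities by default, as far as its documentation states), so the fallback may be a false-positive source there. The enclosing `mayBeDangerous()` predicate starts before the hunk, so which call sites it covers cannot be confirmed from here.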
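Review bot: The corrected `io.StringIO`/`io.BytesIO` step in the XXE.qll hunk only carries taint through a positional first argument (`nodeFrom = ioCalls.getArg(0)`); the same payload passed as `StringIO(initial_value=xml_content)` or `BytesIO(initial_bytes=data)` — the constructors' keyword parameter names — breaks the flow and the sink is silently missed. Widen the step's source to `nodeFrom = [ioCalls.getArg(0), ioCalls.getArgByName(["initial_value", "initial_bytes"])] and`, which keeps the direction fix intact. The new `XMLParser` disjunct in `isSink` is sensible, but since `getAnInput()` is defined outside this hunk, a one-line comment stating which parser inputs it represents would make the sink set reviewable without opening XML.qll.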
+++ b/python/ql/test/experimental/query-tests/Security/CWE-611/general.py
@@ -1,5 +1,5 @@
 from flask import request, Flask
-from io import StringIO
+from io import StringIO, BytesIO
 import xml.etree
 import xml.etree.ElementTree
 import lxml.etree
@@ -42,7 +42,7 @@ def xmltodict_parse():
 @app.route("/lxml.etree.XMLParser+lxml.etree.fromstring")
-def test1():
+def lxml_XMLParser_fromstring():
 xml_content = request.args['xml_content']
 parser = lxml.etree.XMLParser()
@@ -50,7 +50,7 @@ def test1():
 @app.route("/lxml.etree.get_default_parser+lxml.etree.fromstring")
-def test1():
+def lxml_defaultParser_fromstring():
 xml_content = request.args['xml_content']
 parser = lxml.etree.get_default_parser()
@@ -58,7 +58,7 @@ def test1():
 @app.route("/lxml.etree.XMLParser+xml.etree.ElementTree.fromstring")
-def test1():
+def lxml_XMLParser_xml_fromstring():
 xml_content = request.args['xml_content']
 parser = lxml.etree.XMLParser()
@@ -66,7 +66,7 @@ def test1():
 @app.route("/lxml.etree.XMLParser+xml.etree.ElementTree.parse")
-def test1():
+def lxml_XMLParser_xml_parse():
 xml_content = request.args['xml_content']
 parser = lxml.etree.XMLParser()
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-611/xml_sax_make_parser.py b/python/ql/test/experimental/query-tests/Security/CWE-611/xml_sax_make_parser.py
index 16cee1a4d2c..11bb1715a0b 100644
--- a/python/ql/test/experimental/query-tests/Security/CWE-611/xml_sax_make_parser.py
+++ b/python/ql/test/experimental/query-tests/Security/CWE-611/xml_sax_make_parser.py
@@ -22,14 +22,14 @@ class MainHandler(xml.sax.ContentHandler):
 @app.route("/MainHandler")
-def test1():
+def mainHandler():
 xml_content = request.args['xml_content']
 return MainHandler().parse(StringIO(xml_content))
 @app.route("/xml.sax.make_parser()+MainHandler")
-def test1():
+def xml_makeparser_MainHandler():
 xml_content = request.args['xml_content']
 BadHandler = MainHandler()
@@ -40,7 +40,7 @@ def test1():
 @app.route("/xml.sax.make_parser()+MainHandler-xml.sax.handler.feature_external_ges_False")
-def test1():
+def xml_makeparser_MainHandler_entitiesFalse():
 xml_content = request.args['xml_content']
 BadHandler = MainHandler()
@@ -55,7 +55,7 @@ def test1():
 @app.route("/xml.sax.make_parser()+MainHandler-xml.sax.handler.feature_external_ges_True")
-def test1():
+def xml_makeparser_MainHandler_entitiesTrue():
 xml_content = request.args['xml_content']
 GoodHandler = MainHandler()
@@ -67,7 +67,7 @@ def test1():
 @app.route("/xml.sax.make_parser()+xml.dom.minidom.parse-xml.sax.handler.feature_external_ges_True")
-def test1():
+def xml_makeparser_minidom_entitiesTrue():
 xml_content = request.args['xml_content']
 parser = xml.sax.make_parser()