diff --git a/python/ql/src/experimental/Security/CWE-611/XmlInjection.py b/python/ql/src/experimental/Security/CWE-611/XmlEntityInjection.py
similarity index 100%
rename from python/ql/src/experimental/Security/CWE-611/XmlInjection.py
rename to python/ql/src/experimental/Security/CWE-611/XmlEntityInjection.py
diff --git a/python/ql/src/experimental/Security/CWE-611/XmlInjection.qhelp b/python/ql/src/experimental/Security/CWE-611/XmlEntityInjection.qhelp
similarity index 98%
rename from python/ql/src/experimental/Security/CWE-611/XmlInjection.qhelp
rename to python/ql/src/experimental/Security/CWE-611/XmlEntityInjection.qhelp
index e617835bdef..6da1bf1d306 100644
--- a/python/ql/src/experimental/Security/CWE-611/XmlInjection.qhelp
+++ b/python/ql/src/experimental/Security/CWE-611/XmlEntityInjection.qhelp
@@ -26,7 +26,7 @@ to prevent any potentially malicious operation.
The following example calls xml.etree.ElementTree.fromstring using a parser (lxml.etree.XMLParser)
that is not safely configured on untrusted data, and is therefore inherently unsafe.
Providing an input (xml_content) like the following XML content against /bad, the request response would contain the contents of
/etc/passwd.
diff --git a/python/ql/src/experimental/Security/CWE-611/XmlInjection.ql b/python/ql/src/experimental/Security/CWE-611/XmlEntityInjection.ql
similarity index 62%
rename from python/ql/src/experimental/Security/CWE-611/XmlInjection.ql
rename to python/ql/src/experimental/Security/CWE-611/XmlEntityInjection.ql
index 78213f624ea..8f22ded4b15 100644
--- a/python/ql/src/experimental/Security/CWE-611/XmlInjection.ql
+++ b/python/ql/src/experimental/Security/CWE-611/XmlEntityInjection.ql
@@ -1,9 +1,9 @@
/**
- * @name XML injection
- * @description User input should not be parsed without security options enabled.
+ * @name XML Entity injection
+ * @description User input should not be parsed allowing the injection of entities.
* @kind path-problem
* @problem.severity error
- * @id py/xml-injection
+ * @id py/xml-entity-injection
* @tags security
* external/cwe/cwe-611
* external/cwe/cwe-776
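Review bot: The new `@description` in this header is awkwardly worded and does not state the risk. Something like `@description Parsing user input as XML with entity expansion or external entities enabled may expose local files or cause denial of service.` would line up with the CWE-611 and CWE-776 tags kept just below. `@name XML Entity injection` also mixes capitalisation; `XML entity injection` reads as sentence case. Because `@id` becomes `py/xml-entity-injection`, any query suite, suppression or stored result that refers to `py/xml-injection` would presumably need updating, and no such update is visible in this diff.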
@@ -12,11 +12,11 @@
// determine precision above
import python
-import experimental.semmle.python.security.dataflow.XmlInjection
+import experimental.semmle.python.security.dataflow.XmlEntityInjection
import DataFlow::PathGraph
from DataFlow::PathNode source, DataFlow::PathNode sink, string kind
-where XmlInjection::xmlInjectionVulnerable(source, sink, kind)
+where XmlEntityInjection::xmlEntityInjectionVulnerable(source, sink, kind)
select sink.getNode(), source, sink,
"$@ XML input is constructed from a $@ and is vulnerable to " + kind + ".", sink.getNode(),
"This", source.getNode(), "user-provided value"
diff --git a/python/ql/src/experimental/semmle/python/security/dataflow/XmlInjection.qll b/python/ql/src/experimental/semmle/python/security/dataflow/XmlEntityInjection.qll
similarity index 65%
rename from python/ql/src/experimental/semmle/python/security/dataflow/XmlInjection.qll
rename to python/ql/src/experimental/semmle/python/security/dataflow/XmlEntityInjection.qll
index 90e2c9bf342..4669e0e430d 100644
--- a/python/ql/src/experimental/semmle/python/security/dataflow/XmlInjection.qll
+++ b/python/ql/src/experimental/semmle/python/security/dataflow/XmlEntityInjection.qll
@@ -5,11 +5,11 @@ import semmle.python.dataflow.new.TaintTracking
import semmle.python.dataflow.new.RemoteFlowSources
import semmle.python.dataflow.new.BarrierGuards
-module XmlInjection {
- import XmlInjectionCustomizations::XmlInjection
+module XmlEntityInjection {
+ import XmlEntityInjectionCustomizations::XmlEntityInjection
- class XMLInjectionConfiguration extends TaintTracking::Configuration {
- XMLInjectionConfiguration() { this = "XMLInjectionConfiguration" }
+ class XmlEntityInjectionConfiguration extends TaintTracking::Configuration {
+ XmlEntityInjectionConfiguration() { this = "XmlEntityInjectionConfiguration" }
override predicate isSource(DataFlow::Node source) {
source instanceof RemoteFlowSourceAsSource
@@ -29,13 +29,15 @@ module XmlInjection {
private import DataFlow::PathGraph
/** Holds if there is an XML injection from `source` to `sink` */
- predicate xmlInjection(DataFlow::PathNode source, DataFlow::PathNode sink) {
- any(XMLInjectionConfiguration xmlInjectionConfig).hasFlowPath(source, sink)
+ predicate xmlEntityInjection(DataFlow::PathNode source, DataFlow::PathNode sink) {
+ any(XmlEntityInjectionConfiguration x).hasFlowPath(source, sink)
}
/** Holds if there is an XML injection from `source` to `sink` vulnerable to `kind` */
- predicate xmlInjectionVulnerable(DataFlow::PathNode source, DataFlow::PathNode sink, string kind) {
- xmlInjection(source, sink) and
+ predicate xmlEntityInjectionVulnerable(
+ DataFlow::PathNode source, DataFlow::PathNode sink, string kind
+ ) {
+ xmlEntityInjection(source, sink) and
(
xmlParsingInputAsVulnerableSink(sink.getNode(), kind) or
xmlParserInputAsVulnerableSink(sink.getNode(), kind)
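Review bot: The QLDoc on both renamed predicates in this hunk still begins "Holds if there is an XML injection", so the comments no longer match `xmlEntityInjection` and `xmlEntityInjectionVulnerable`. Both should read `Holds if there is an XML entity injection from`, with the rest of each sentence unchanged. The same stale wording is left in XmlEntityInjectionCustomizations.qll, where the module and source-class comments still say "xml injection". In the first hunk of this file, `XmlEntityInjectionConfiguration` is shown without any QLDoc; a one-line comment saying that it is the taint-tracking configuration for remote flow sources reaching vulnerable XML parsing sinks (as far as the visible predicates suggest) would help readers. The body of `xmlEntityInjectionVulnerable` continues past the end of the hunk.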
diff --git a/python/ql/src/experimental/semmle/python/security/dataflow/XmlInjectionCustomizations.qll b/python/ql/src/experimental/semmle/python/security/dataflow/XmlEntityInjectionCustomizations.qll
similarity index 99%
rename from python/ql/src/experimental/semmle/python/security/dataflow/XmlInjectionCustomizations.qll
rename to python/ql/src/experimental/semmle/python/security/dataflow/XmlEntityInjectionCustomizations.qll
index 3e9dd22c69c..177f8979956 100644
--- a/python/ql/src/experimental/semmle/python/security/dataflow/XmlInjectionCustomizations.qll
+++ b/python/ql/src/experimental/semmle/python/security/dataflow/XmlEntityInjectionCustomizations.qll
@@ -15,7 +15,7 @@ private import semmle.python.ApiGraphs
* Provides default sources, sinks and sanitizers for detecting "xml injection"
* vulnerabilities, as well as extension points for adding your own.
*/
-module XmlInjection {
+module XmlEntityInjection {
/**
* A data flow source for "xml injection" vulnerabilities.
*/
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-611/XmlInjection.expected b/python/ql/test/experimental/query-tests/Security/CWE-611/XmlEntityInjection.expected
similarity index 100%
rename from python/ql/test/experimental/query-tests/Security/CWE-611/XmlInjection.expected
rename to python/ql/test/experimental/query-tests/Security/CWE-611/XmlEntityInjection.expected
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-611/XmlEntityInjection.qlref b/python/ql/test/experimental/query-tests/Security/CWE-611/XmlEntityInjection.qlref
new file mode 100644
index 00000000000..36a7c8845fb
--- /dev/null
+++ b/python/ql/test/experimental/query-tests/Security/CWE-611/XmlEntityInjection.qlref
@@ -0,0 +1 @@
+experimental/Security/CWE-611/XmlEntityInjection.ql
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-611/XmlInjection.qlref b/python/ql/test/experimental/query-tests/Security/CWE-611/XmlInjection.qlref
deleted file mode 100644
index 24d483666ac..00000000000
--- a/python/ql/test/experimental/query-tests/Security/CWE-611/XmlInjection.qlref
+++ /dev/null
@@ -1 +0,0 @@
-experimental/Security/CWE-611/XmlInjection.ql