CVE-2019-16182

A reflected cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to inject arbitrary web script or HTML via extensions of uploaded files. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt