Launchpad.net

CVE 2019-16174

An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity.

See the CVE page on Mitre.org for more details.