CVE-2019-16182 (limesurvey)

A reflected cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to inject arbitrary web script or HTML via extensions of uploaded files.
Source: NIST
CVE-2019-16182 (limesurvey)