CVE-2022-29710 - LimeSurvey - XSS with plugin upload in uploadConfirm.php

LimeSurvey v5.3.9 and below allows attackers to include javascript or HTML code in the config.xml file of a plugin.