CVE-2022-29710 - LimeSurvey - XSS with plugin upload in uploadConfirm.php
May 25, 2022
LimeSurvey v5.3.9 and below allows attackers to include javascript or HTML code in the config.xml file of a plugin.