An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity.
https://www.limesurvey.org/limesurvey-updates/2188-limesurvey-3-17-14-build-190902-released