CVE-2019-11392

BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd.