RSMonials 2.2 and earlier versions: XSS (Cross-Site Scripting) and insecure file upload
