Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php).
monstra monstra 3.0.4
Monstra-CMS-304-Reflected-XSS-On-Login- ASSIGNED CVE-2018-11472