CVE-2018-11227

Monstra CMS 3.0.4 and earlier has XSS via index.php.

CVE-2020-20691

An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files.