In MISP prior to 2.4.89, app/View/Events/resolved_attributes.ctp has multiple XSS issues via a malicious MISP module.
misp-project misp