In MISP prior to 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp.
misp-project malware information sharing platform