In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name.
misp misp 2.4.167