app/Lib/Tools/EventTimelineTool.php in MISP prior to 2.4.179 allows XSS in the event timeline widget.