MISP · MISP · CVE-2025-67906
**Name of the Vulnerable Software and Affected Versions**
MISP versions prior to 2.5.28
**Description**
The workflow execution path mishandles user-supplied data: the `executionPath.ctp` element within the application allows Cross-Site Scripting (XSS). An attacker could inject malicious scripts into the application, which would then execute in the context of a user's browser.
**Recommendations**
Update to version 2.5.28 or later.
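
To confirm which instances still need the update, the following added example (not part of the advisory or of MISP's own code) classifies a host inventory against the 2.5.28 fix boundary. It assumes each instance's version is available either as the contents of MISP's `VERSION.json` (keys `major`, `minor`, `hotfix`) or as a plain version string; the host names and sample values are constructed.

```python
import json
import re

FIXED = (2, 5, 28)  # first fixed release, per the advisory


def parse_version(raw):
    """Parse VERSION.json content (assumed keys: major/minor/hotfix) or 'v2.5.27'."""
    raw = raw.strip()
    if raw.startswith("{"):
        try:
            data = json.loads(raw)
            return (int(data["major"]), int(data["minor"]), int(data["hotfix"]))
        except (ValueError, KeyError, TypeError):
            return None
    match = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", raw)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(raw):
    """Return 'affected', 'fixed', or 'unknown' for one reported version."""
    version = parse_version(raw)
    if version is None:
        return "unknown"  # never treat an unparseable answer as patched
    return "affected" if version < FIXED else "fixed"


def triage(inventory):
    """Map each host to its status so unknowns surface for manual follow-up."""
    return {host: classify(raw) for host, raw in inventory.items()}


# Constructed sample inventory (hypothetical hosts and values)
SAMPLE = {
    "misp-prod.example.internal": '{"major":2, "minor":5, "hotfix":27}',
    "misp-lab.example.internal": "v2.5.28",
    "misp-old.example.internal": "2.4.198",
    "misp-dr.example.internal": "unreachable",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` should be checked by hand rather than assumed to be updated.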