Misp · Misp · CVE-2021-37534
**Name of the Vulnerable Software and Affected Versions**
MISP version 2.4.146
**Description**
The issue allows Stored XSS when forking a galaxy cluster. This occurs in the app/View/GalaxyClusters/add.ctp file.
**Recommendations**
For MISP version 2.4.146, update to a version that fixes the Stored XSS issue in the app/View/GalaxyClusters/add.ctp file. As a temporary workaround, consider restricting access to the `add.ctp` file until a patch is available.