João Lucas Melo Brasio

**Name of the Vulnerable Software and Affected Versions** MISP versions prior to 2.4.107 **Description** A persistent XSS issue was discovered in the discussion interface of MISP, where JavaScript can be included and triggered by clicking on a link. **Recommendations** For versions prior to 2.4.107, update to version 2.4.107 or later to resolve the issue. As a temporary workaround, consider restricting access to the discussion interface until the update is applied.

**Name of the Vulnerable Software and Affected Versions** MISP versions prior to 2.4.107 **Description** The issue is related to persistent XSS via link type attributes with javascript:// links in the value field.ctp file. **Recommendations** For versions prior to 2.4.107, update to version 2.4.107 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MISP versions prior to 2.4.107 **Description** An issue was discovered in the MISP software, where there is a persistent XSS vulnerability via image names in titles. This issue can be demonstrated by a screenshot, indicating the potential for malicious code execution through crafted image names. **Recommendations** For versions prior to 2.4.107, update to version 2.4.107 or later to resolve the issue. As a temporary workaround, consider restricting the ability to upload images with malicious names to minimize the risk of exploitation.