CVE-2021-37742

Name of the Vulnerable Software and Affected Versions: MISP version 2.4.147

Description: The issue allows Stored XSS when viewing galaxy cluster relationships. This occurs in the app/View/Elements/GalaxyClusters/view relation tree.ctp file.

Recommendations: For MISP version 2.4.147, consider disabling the view relation tree.ctp file or restricting access to it until a patch is available. Avoid using the affected file for viewing galaxy cluster relationships until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.