MISP is an open source software solution. The product is used to collect, store, distribute, and share network security metrics and has features such as threat network security event analysis and malware analysis. cross-site scripting vulnerability exists in versions prior to MISP 2.4.158, which stems from a tag name lacking data validation filters for user-supplied data and output. An attacker could exploit the vulnerability to execute JavaScript code on the client side.