CVE-2026-54393
CVE-2026-54393 describes a stored XSS in MISP when the Overmind theme is active. The vulnerability stems from the setHomePage endpoint saving user-supplied paths via setSettingInternal(), bypassing validation in setSetting() (including validate_homepage that enforces a leading “/”). The attacker-...