IPPlan is a web-based multilingual TCP IP address management (IPAM) software and tracking tool. Simplifying the management of the IP address space, IPPlan version 4.92b is vulnerable to a cross-site scripting vulnerability, which stems from a cross-site scripting (XSS) vulnerability found in admin/usermanager.php. A remote attacker could exploit this vulnerability to inject arbitrary web script or HTML via the userid parameter.