Ipplan · Ipplan · CVE-2021-42943
**Name of the Vulnerable Software and Affected Versions**
IPPlan version 4.92b
**Description**
The issue allows remote attackers to inject arbitrary web script or HTML via the `userid` parameter in the "admin/usermanager.php" endpoint. This enables attackers to perform stored cross-site scripting (XSS) attacks.
**Recommendations**
For IPPlan version 4.92b, consider restricting access to the "admin/usermanager.php" endpoint until a fix is available, and avoid using the `userid` parameter in this endpoint to minimize the risk of exploitation.
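The class of fix for a stored XSS like the one described for the `userid` parameter is allow-list validation on input plus HTML encoding on output. The PHP below is an added illustration, not IPPlan source code; every function name, the ID pattern and the sample values are assumptions made for the example.

```php
<?php
// Added illustration, not IPPlan source. All function names are hypothetical.

// Input side: accept only a conservative allow-list for user IDs.
// The pattern (letters, digits, '.', '_', '-', at most 32 chars) is an assumption.
function is_valid_userid(string $userid): bool
{
    return preg_match('/\A[A-Za-z0-9._-]{1,32}\z/', $userid) === 1;
}

// Output side: encode for the HTML context every time a stored value is rendered,
// so rows written before validation existed are also neutralised.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Pattern that produces stored XSS: the stored value is concatenated into markup as-is.
function render_row_unsafe(string $userid): string
{
    return '<tr><td>' . $userid . '</td></tr>';
}

// Hardened form: same markup, value encoded at the point of output.
function render_row(string $userid): string
{
    return '<tr><td>' . h($userid) . '</td></tr>';
}

// Constructed sample values standing in for rows already in the user table.
$stored = ['alice', '<script>alert(1)</script>'];

foreach ($stored as $userid) {
    printf("userid valid: %s\n", is_valid_userid($userid) ? 'yes' : 'no');
    printf("unsafe: %s\n", render_row_unsafe($userid));
    printf("safe:   %s\n\n", render_row($userid));
}
```

Validation alone does not clean values that are already stored, which is why the encoding step is applied at render time as well.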