It was discovered that ipplan, a web-based IP address manager and tracker, does not sufficiently escape certain input parameters, which allows remote attackers to conduct cross-site scripting attacks. For the stable distribution , this problem has been fixed in version 4.86a-7+lenny1. The oldstable distribution does not contain ipplan. For the testing distribution this problem will be fixed soon. For the unstable distribution , this problem has been fixed in version 4.91a-1.1. We recommend that you upgrade your ipplan packages.