ITSS-Advisory : HIGH : Hewlett-Packard : Various Jetdirect versions : Cross Site Scripting

THREAT LEVEL
============
High.

INFORMATION
===========
HP has released a bulletin describing a cross site scripting vulnerability in
a number of Jetdirect products, which may be embedded in a variety of printers
and digital senders.

This vulnerability could allow an attacker to execute arbitrary scripts in a
user's browser.

This threat is severe because most of the University's printers are accessible
from the Internet.

AFFECTED PLATFORMS
==================
More information and details are available at:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01841397

ACTION
======
Administrators of affected devices are strongly advised to test and implement the
following measures listed in the bulletin:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following steps can be taken to limit the exposure to the XSS vulnerabilities.

* set the administrator password
* use a new browser instance for administrator tasks
* do not access other web sites while performing administrator tasks
* exit the browser when administrator tasks are complete
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -