HPSBPI02828 SSRT100778 rev.2 - HP LaserJet and Color LaserJet, Cross-Site Scripting (XSS)
2012-10-31T00:00:00
ID HP:C03556108 Type hp Reporter HP Product Security Response Team Modified 2017-07-17T00:00:00
Description
Potential Security Impact
Cross-site scripting (XSS)
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with certain HP LaserJet and Color LaserJet printers. The vulnerability could be exploited to allow cross-site scripting (XSS).
RESOLUTION
HP has provided firmware updates for impacted printers as set forth in the table below. To obtain the updated firmware, go to the HP Software and Drivers page for your product and find the firmware update from the list of available software.
Product Number
|
Firmware Version
---|---
HP Color LaserJet CM3530
|
Update to version 53.190.9
21 Aug 2012 or later
HP Color LaserJet CM6030
|
Update to version 52.210.9
21 Aug 2012 or later
HP Color LaserJet CM6040
|
Update to version 52.210.9
21 Aug 2012 or later
HP Color LaserJet CP3525
|
Update to version 06.140.3 18
18 Jul 2012 or later
HP Color LaserJet CP4025
|
Update to version 07.120.6
21 Aug 2012 or later
HP Color LaserJet CP4525
|
Update to version 07.120.6
21 Aug 2012 or later
HP Color LaserJet CP6015
|
Update to version 04.160.3
18 Jul 2012 or later
HP LaserJet P3015
|
Update to version 07.140.3
18 Jul 2012 or later
HP LaserJet P4014
|
Update to version 04.170.3
18 Jul 2012 or later
HP LaserJet P4015
|
Update to version 04.170.3
18 Jul 2012 or later
HP LaserJet P4515
|
Update to version 04.170.3
18 Jul 2012 or later
{"id": "HP:C03556108", "bulletinFamily": "software", "title": "HPSBPI02828 SSRT100778 rev.2 - HP LaserJet and Color LaserJet, Cross-Site Scripting (XSS)", "description": "## Potential Security Impact\nCross-site scripting (XSS) \n\n## VULNERABILITY SUMMARY\nA potential security vulnerability has been identified with certain HP LaserJet and Color LaserJet printers. The vulnerability could be exploited to allow cross-site scripting (XSS).\n\n## RESOLUTION\nHP has provided firmware updates for impacted printers as set forth in the table below. To obtain the updated firmware, go to the HP Software and Drivers page for your product and find the firmware update from the list of available software. \n\nProduct Number\n\n| \n\nFirmware Version \n \n---|--- \n \nHP Color LaserJet CM3530\n\n| \n\nUpdate to version 53.190.9 \n21 Aug 2012 or later \n \nHP Color LaserJet CM6030\n\n| \n\nUpdate to version 52.210.9 \n21 Aug 2012 or later \n \nHP Color LaserJet CM6040\n\n| \n\nUpdate to version 52.210.9 \n21 Aug 2012 or later \n \nHP Color LaserJet CP3525\n\n| \n\nUpdate to version 06.140.3 18 \n18 Jul 2012 or later \n \nHP Color LaserJet CP4025\n\n| \n\nUpdate to version 07.120.6 \n21 Aug 2012 or later \n \nHP Color LaserJet CP4525\n\n| \n\nUpdate to version 07.120.6 \n21 Aug 2012 or later \n \nHP Color LaserJet CP6015\n\n| \n\nUpdate to version 04.160.3 \n18 Jul 2012 or later \n \nHP LaserJet P3015\n\n| \n\nUpdate to version 07.140.3 \n18 Jul 2012 or later \n \nHP LaserJet P4014\n\n| \n\nUpdate to version 04.170.3 \n18 Jul 2012 or later \n \nHP LaserJet P4015\n\n| \n\nUpdate to version 04.170.3 \n18 Jul 2012 or later \n \nHP LaserJet P4515\n\n| \n\nUpdate to version 04.170.3 \n18 Jul 2012 or later \n", "published": "2012-10-31T00:00:00", "modified": "2017-07-17T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://support.hp.com/us-en/document/c03556108", "reporter": "HP Product Security Response Team", "references": [], "cvelist": ["CVE-2012-3272"], "type": "hp", "lastseen": "2020-12-24T13:21:30", "edition": 3, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-3272"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:28811", "SECURITYVULNS:VULN:12753"]}, {"type": "nessus", "idList": ["HP_LASERJET_XSS.NASL"]}], "modified": "2020-12-24T13:21:30", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2020-12-24T13:21:30", "rev": 2}, "vulnersScore": 5.2}, "affectedSoftware": [{"name": "hp color laserjet cm6040", "operator": "lt", "version": "Update to version 52.210.9\n 21 Aug 2012 or later"}, {"name": "hp color laserjet cm6030", "operator": "lt", "version": "Update to version 52.210.9\n 21 Aug 2012 or later"}, {"name": "hp color laserjet cp4525", "operator": "lt", "version": "Update to version 07.120.6\n 21 Aug 2012 or later"}, {"name": "hp laserjet p4014", "operator": "lt", "version": "Update to version 04.170.3\n 18 Jul 2012 or later"}, {"name": "hp laserjet p4015", "operator": "lt", "version": "Update to version 04.170.3\n 18 Jul 2012 or later"}, {"name": "hp color laserjet cp4025", "operator": "lt", "version": "Update to version 07.120.6\n 21 Aug 2012 or later"}, {"name": "hp color laserjet cp3525", "operator": "lt", "version": "Update to version 06.140.3 18\n 18 Jul 2012 or later"}, {"name": "hp color laserjet cp6015", "operator": "lt", "version": "Update to version 04.160.3 \n18 Jul 2012 or later"}, {"name": "hp laserjet p4515", "operator": "lt", "version": "Update to version 04.170.3\n 18 Jul 2012 or later"}, {"name": "hp color laserjet cm3530", "operator": "lt", "version": "Update to version 53.190.9\n21 Aug 2012 or later"}, {"name": "hp laserjet p3015", "operator": "lt", "version": "Update to version 07.140.3 \n18 Jul 2012 or later"}], "scheme": null}
{"cve": [{"lastseen": "2021-02-02T05:59:50", "description": "Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "edition": 6, "cvss3": {}, "published": "2012-12-06T11:45:00", "title": "CVE-2012-3272", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3272"], "modified": "2013-01-08T05:03:00", "cpe": ["cpe:/h:hp:laserjet_p4xxx:04.170.2", "cpe:/h:hp:laserjet_p3015:07.140.2", "cpe:/h:hp:color_laserjet_cm3530:53.190.8", "cpe:/h:hp:color_laserjet_cm60xx:53.190.8", "cpe:/h:hp:color_laserjet_cp3525:06.140.3.17", "cpe:/h:hp:color_laserjet_cp6015:04.160.2", "cpe:/h:hp:color_laserjet_cp4xxx:07.120.5"], "id": "CVE-2012-3272", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3272", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:h:hp:color_laserjet_cp6015:04.160.2:*:*:*:*:*:*:*", "cpe:2.3:h:hp:color_laserjet_cm3530:53.190.8:*:*:*:*:*:*:*", "cpe:2.3:h:hp:color_laserjet_cm60xx:53.190.8:*:*:*:*:*:*:*", "cpe:2.3:h:hp:color_laserjet_cp4xxx:07.120.5:*:*:*:*:*:*:*", "cpe:2.3:h:hp:laserjet_p4xxx:04.170.2:*:*:*:*:*:*:*", "cpe:2.3:h:hp:laserjet_p3015:07.140.2:*:*:*:*:*:*:*", "cpe:2.3:h:hp:color_laserjet_cp3525:06.140.3.17:*:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2018-08-31T11:10:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-3272"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c03556108\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c03556108\r\nVersion: 1\r\n\r\nHPSBPI02828 SSRT100778 rev.1 - HP LaserJet and Color LaserJet, Cross-Site\r\nScripting (XSS)\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2012-12-03\r\nLast Updated: 2012-12-03\r\n\r\nPotential Security Impact: Cross-site scripting (XSS)\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with certain HP\r\nLaserJet and Color LaserJet printers. The vulnerability could be exploited to\r\nallow cross-site scripting (XSS).\r\n\r\nReferences: CVE-2012-3272\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nProduct Number\r\n\r\nHP Color LaserJet CM3530\r\n\r\nHP Color LaserJet CM6030\r\n\r\nHP Color LaserJet CM6040\r\n\r\nHP Color LaserJet CP3525\r\n\r\nHP Color LaserJet CP4025\r\n\r\nHP Color LaserJet CP4525\r\n\r\nHP Color LaserJet CP6015\r\n\r\nLaserJet P3015\r\n\r\nLaserJet P4014\r\n\r\nLaserJet P4015\r\n\r\nLaserJet P4515\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2012-3272 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nThe Hewlett-Packard Company thanks Dominic Sim of KPMG for reporting this\r\nvulnerability to security-alert@hp.com.\r\n\r\nRESOLUTION\r\n\r\nHP has provided updated firmware for the impacted HP LaserJet and HP Color\r\nLaserJet printers to resolve this vulnerability. To obtain the firmware, go\r\nto http://www.hp.com and follow these steps.\r\n\r\nClick on Support and Drivers\r\nUse the Drivers & Software tab and enter the impacted product number and\r\nsearch for that product\r\nSelect the product\r\nSelect the operating system\r\nSelect and download the Firmware version listed, or a later version, if\r\navailable\r\n\r\nProduct Number\r\n Firmware Version\r\n\r\nHP Color LaserJet CM3530\r\n Update to version 53.190.9\r\n21 Aug 2012 or later\r\n\r\nHP Color LaserJet CM6030\r\n Update to version 52.210.9\r\n21 Aug 2012 or later\r\n\r\nHP Color LaserJet CM6040\r\n Update to version 52.210.9\r\n21 Aug 2012 or later\r\n\r\nHP Color LaserJet CP3525\r\n Update to version 06.140.3 18\r\n18 Jul 2012 or later\r\n\r\nHP Color LaserJet CP4025\r\n Update to version 07.120.6\r\n21 Aug 2012 or later\r\n\r\nHP Color LaserJet CP4525\r\n Update to version 07.120.6\r\n21 Aug 2012 or later\r\n\r\nHP Color LaserJet CP6015\r\n Update to version 04.160.3\r\n18 Jul 2012 or later\r\n\r\nHP LaserJet P3015\r\n Update to version 07.140.3\r\n18 Jul 2012 or later\r\n\r\nHP LaserJet P4014\r\n Update to version 04.170.3\r\n18 Jul 2012 or later\r\n\r\nHP LaserJet P4015\r\n Update to version 04.170.3\r\n18 Jul 2012 or later\r\n\r\nHP LaserJet P4515\r\n Update to version 04.170.3\r\n18 Jul 2012 or later\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 3 December 2012 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin List: A list of HP Security Bulletins, updated\r\nperiodically, is contained in HP Security Notice HPSN-2011-001:\r\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c02964430\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2012 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits;damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niEYEARECAAYFAlC89IUACgkQ4B86/C0qfVkLXQCg96zP/umFE7UxvpCjaVZCejRs\r\ngM8AoPyEVtyJEIoWEQqsugnrkljoki3u\r\n=FDjD\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-12-09T00:00:00", "published": "2012-12-09T00:00:00", "id": "SECURITYVULNS:DOC:28811", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28811", "title": "[security bulletin] HPSBPI02828 SSRT100778 rev.1 - HP LaserJet and Color LaserJet, Cross-Site Scripting (XSS)", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:49", "bulletinFamily": "software", "cvelist": ["CVE-2012-3272"], "description": "No description provided", "edition": 1, "modified": "2012-12-09T00:00:00", "published": "2012-12-09T00:00:00", "id": "SECURITYVULNS:VULN:12753", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12753", "title": "HP LaserJet printers crossite scripting", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2021-01-20T11:31:54", "description": "The remote web server is an embedded web server for an HP LaserJet\nprinter. The version of the firmware reported by the printer is\nreportedly affected by a cross-site scripting vulnerability. An\nattacker could exploit this flaw to execute arbitrary script code.", "edition": 25, "published": "2013-01-15T00:00:00", "title": "HP LaserJet XSS Vulnerability", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3272"], "modified": "2013-01-15T00:00:00", "cpe": ["cpe:/h:hp:color_laserjet_cp4xxx", "cpe:/h:hp:color_laserjet_cm3530", "cpe:/h:hp:color_laserjet_cp3525", "cpe:/h:hp:laserjet_p3015", "cpe:/h:hp:laserjet_p4xxx", "cpe:/h:hp:color_laserjet_cp6015", "cpe:/h:hp:color_laserjet_cm60xx"], "id": "HP_LASERJET_XSS.NASL", "href": "https://www.tenable.com/plugins/nessus/63523", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63523);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-3272\");\n script_bugtraq_id(56820);\n\n script_name(english:\"HP LaserJet XSS Vulnerability\");\n script_summary(english:\"Checks the firmware datecode\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by a cross-site scripting\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote web server is an embedded web server for an HP LaserJet\nprinter. The version of the firmware reported by the printer is\nreportedly affected by a cross-site scripting vulnerability. An\nattacker could exploit this flaw to execute arbitrary script code.\");\n # https://h20566.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c03556108-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?66a82c9c\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the firmware in accordance with the vendor's advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2012/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2012/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/15\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:hp:color_laserjet_cm3530\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:hp:color_laserjet_cm60xx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:hp:color_laserjet_cp3525\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:hp:color_laserjet_cp4xxx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:hp:color_laserjet_cp6015\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:hp:laserjet_p3015\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:hp:laserjet_p4xxx\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"hp_laserjet_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/hp_laserjet/pname\", \"www/hp_laserjet/fw\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80, dont_break:1, embedded:1);\nprinter_model = get_kb_item_or_exit(\"www/hp_laserjet/pname\");\nprinter_fw = get_kb_item_or_exit(\"www/hp_laserjet/fw\");\n\nprinter_arr = make_array(\n \"CM3530\", \"53.190.9\",\n \"CM6030\", \"52.210.9\",\n \"CM6040\", \"52.210.9\",\n \"CP3525\", \"06.140.3\",\n \"CP4025\", \"07.120.6\",\n \"CP4525\", \"07.120.6\",\n \"CP6015\", \"04.160.3\",\n \"P3015\", \"07.140.3\",\n \"P4014\", \"04.170.3\",\n \"P4015\", \"04.170.3\",\n \"P4515\", \"04.170.3\"\n );\nif (isnull(printer_arr[printer_model])) exit(0, \"LaserJet \"+printer_model+\" is not reported to be an affected model.\");\n\n\n# Check the firmware datecode.\nfw_ver = make_array();\n\nif (printer_arr[printer_model] =~ '^[0-9]{8}')\n{\n p_fw_ver = ereg_replace(pattern:'([0-9]+)([ \\t]+[0-9]+.[0-9]+.[0-9]+)?', replace:\"\\1\", string:printer_fw);\n}\nelse\n{\n p_fw_ver = split(ereg_replace(pattern:'([0-9]+)([ \\t]+[0-9]+.[0-9]+.[0-9]+)?', replace:\"\\2\", string:printer_fw), sep:\".\", keep:FALSE);\n fw_ver = split(printer_arr[printer_model], sep:\".\", keep:FALSE);\n}\n\nif ( \n ( isnull(max_index(p_fw_ver)) && int(p_fw_ver) < int(printer_arr[printer_model])) ||\n max_index(p_fw_ver) &&\n (\n ( int(p_fw_ver[0]) < int(fw_ver[0]) ||\n ( int(p_fw_ver[0]) == int(fw_ver[0]) && int(p_fw_ver[1]) < int(fw_ver[1])) ||\n ( int(p_fw_ver[0]) == int(fw_ver[0]) && int(p_fw_ver[1]) == int(fw_ver[1]) && int(p_fw_ver[2]) < int(fw_ver[2])))\n )\n)\n{\n set_kb_item(name:\"www/\"+port+\"/XSS\", value:TRUE);\n if (report_verbosity > 0)\n {\n info = \n '\\n Printer model : LaserJet ' + printer_model +\n '\\n Installed firmware version : ' + join(p_fw_ver, sep:'.') + \n '\\n Fixed firmware version : ' + printer_arr[printer_model] + '\\n';\n security_warning(port:port, extra:info);\n }\n else security_warning(port:port);\n}\nelse exit(0, 'The LaserJet '+printer_model+' with firmware version ' + join(p_fw_ver, sep:'.') + ' is not affected.');\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}
