"Building on the concept of cross-site scripting, whereby an attacker can inject malicious code in Web pages viewed by others, security researcher Aaron Weaver has demonstrated how an attacker can inject spam messages into a Web site visitor’s printer.
Weaver’s research is available in a paper published online. It describes how the attack could be initiated by creating a hidden iframe — a block of code inserted into a Web page and often served from a different domain than the Web page — and a Web form that submits the spam message to the printer. An attacker could also send the spam message as a fax, if the printer has fax capabilities." Hijacking Printers For Spamming — Spam — InformationWeek