
Description

Maxthon3 versions prior to 3.3 are vulnerable to cross context scripting (XCS) via the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers to execute arbitrary JavaScript in a privileged context. This flaw enables modification of browser configuration and execution of arbitrary code through Maxthon’s exposed DOM APIs, including maxthon.program.Program.launch() and maxthon.io.writeDataURL(). Exploitation requires user interaction, typically by visiting a malicious webpage that triggers the injection.

PUBLISHED | Reserved 2025-08-05 | Published 2025-08-05 | Updated 2025-08-07 | Assigner VulnCheck




HIGH: 8.7 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

CWE-94 Improper Control of Generation of Code ('Code Injection')

Product status

Default status: unaffected

3.1.7 build 600: affected

Credits

Roberto Suggi Liverani (finder)

References

raw.githubusercontent.com/.../browser/maxthon_history_xcs.rb (exploit)

www.exploit-db.com/exploits/23225 (exploit)

blog.malerisch.net/...t-scripting-xcs-about-history-rce.html (technical-description, exploit)

www.maxthon.com/ (product)

www.fortiguard.com/encyclopedia/ips/34203 (third-party-advisory)

www.vulncheck.com/...ies/maxthon3-xcs-trusted-zone-code-exec (third-party-advisory)

cve.org (CVE-2012-10032)

nvd.nist.gov (CVE-2012-10032)
