cbcvebase.
CVE-2012-10032
published 2025-08-05


Priority: P357 · high · 8.7 (CVSS 4.0)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 0.85% (53.4th percentile)
Maxthon3 version 3.2.2 build 1000 and prior are vulnerable to cross context scripting (XCS) via the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers to execute arbitrary JavaScript in a privileged context. This flaw enables modification of browser configuration and execution of arbitrary code through Maxthon’s exposed DOM APIs, including maxthon.program.Program.launch() and maxthon.io.writeDataURL(). Exploitation requires user interaction, typically by visiting a malicious webpage that triggers the injection.

Affected

1 range
Vendor                     Product           Version range                        Fixed in
maxthon_international_ltd  maxthon3_browser  3.1.7 build 600 – 3.2.2 build 1000   (not listed)

Detection & IOCs (extracted from sources)

url: about:history
  • Monitor for JavaScript execution originating from the about:history page in Maxthon3, particularly calls to privileged DOM APIs such as maxthon.program.Program.launch() and maxthon.io.writeDataURL(), which indicate XCS exploitation in the trusted zone.
  • Target Maxthon3 versions 3.1.7 build 600 through 3.2.2 build 1000 are confirmed exploitable; flag or block these specific version strings in endpoint inventory and network traffic.
  • Exploitation requires a user to visit a malicious webpage; monitor web proxy/DNS logs for outbound requests to attacker-controlled pages that may redirect or inject content into the Maxthon about:history trusted zone.
  • The Metasploit module for this CVE only works against a specific version range; exploitation outside Maxthon 3.1.7 build 600 – 3.2.2 build 1000 has not been confirmed, so version-based detections should be scoped accordingly.
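The second and fourth bullets call for flagging installed Maxthon3 builds that fall inside the confirmed range rather than every Maxthon install. The following added example (not part of the advisory or any vendor tooling) parses Maxthon-style "X.Y.Z build N" version strings from constructed `host,software` inventory lines and reports which hosts are inside 3.1.7 build 600 through 3.2.2 build 1000; the inventory format and host names are assumptions.

```python
import re
from typing import Optional, Tuple, List

Version = Tuple[int, int, int, int]

# Affected range as stated in the advisory (inclusive at both ends).
AFFECTED_MIN: Version = (3, 1, 7, 600)
AFFECTED_MAX: Version = (3, 2, 2, 1000)

# Matches "3.2.2 build 1000" and the dotted form "3.2.2.1000".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:\s*build\s*|\.)(\d+)", re.IGNORECASE)


def parse_maxthon_version(text: str) -> Optional[Version]:
    """Return (major, minor, patch, build) or None if no version string is present."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch, build = (int(g) for g in m.groups())
    return (major, minor, patch, build)


def is_affected(version: Version) -> bool:
    """Tuple comparison orders by major, minor, patch, then build number."""
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def flag_inventory(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (host, software, verdict) for every Maxthon entry.

    verdict is 'affected', 'outside-range', or 'unparsed' (version missing, needs manual review).
    """
    results = []
    for line in lines:
        host, _, software = line.partition(",")
        if "maxthon" not in software.lower():
            continue  # only Maxthon entries are relevant to this CVE
        version = parse_maxthon_version(software)
        if version is None:
            verdict = "unparsed"
        else:
            verdict = "affected" if is_affected(version) else "outside-range"
        results.append((host.strip(), software.strip(), verdict))
    return results


# Constructed sample inventory lines (host,software); not real data.
SAMPLE_INVENTORY = [
    "ws-01,Maxthon3 Browser 3.2.2 build 1000",
    "ws-02,Maxthon3 Browser 3.1.7 build 599",
    "ws-03,Maxthon3 Browser 3.1.7.600",
    "ws-04,Maxthon Browser 3.3.0 build 100",
    "ws-05,Firefox 10.0",
    "ws-06,Maxthon3 Browser (version unknown)",
]

if __name__ == "__main__":
    for host, software, verdict in flag_inventory(SAMPLE_INVENTORY):
        print(f"{host}: {software} -> {verdict}")
```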