CVEPublished 2025-08-05Modified 2026-04-151 article on news7 live referencesNVD data

CVE-2012-10032

Vulnerability data via NVD (ingested)

CVSS v3.1
EPSS percentile
98
Exploit Prediction Scoring System · top 2% of all CVEs
Description

Maxthon3 versions prior to 3.3 are vulnerable to cross context scripting (XCS) via the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers to execute arbitrary JavaScript in a privileged context. This flaw enables modification of browser configuration and execution of arbitrary code through Maxthon’s exposed DOM APIs, including maxthon.program.Program.launch() and maxthon.io.writeDataURL(). Exploitation requires user interaction, typically by visiting a malicious webpage that triggers the injection.

Timeline
Published 2025-08-05
Modified 2026-04-15

External references

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

More intel sources (5)

Known PoCs on GitHub

No public proof-of-concept repositories found for CVE-2012-10032 on GitHub.