What is CVE-2012-10032?

CVE-2012-10032 is a vulnerability in Maxthon International Ltd. Maxthon3 Browser, classified under Cross-site Scripting. Published 2025-08-05.

Is CVE-2012-10032 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Maxthon International Ltd. Maxthon3 Browser

CVE-2012-10032

Maxthon3 version 3.2.2 build 1000 and prior are vulnerable to cross context scripting (XCS) via the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers to execute arbitrary JavaScri…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.678 (98.6th percentile) — read the EPSS interpretation.

Affected products

Maxthon International Ltd. Maxthon3 Browser — versions 3.1.7 build 600

Weakness classification (CWE)

Public proof-of-concept exploits

rapid7/metasploit-framework

References

disclosure@vulncheck.com (exploit)
disclosure@vulncheck.com (exploit)
disclosure@vulncheck.com (technical-description, exploit)
disclosure@vulncheck.com (product)
disclosure@vulncheck.com (third-party-advisory)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2012-10032?: CVE-2012-10032 is a vulnerability in Maxthon International Ltd. Maxthon3 Browser, classified under Cross-site Scripting. Published 2025-08-05.
Is CVE-2012-10032 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.