virus logo Intrusion Prevention

Maxthon3.About.History.XCS

description-logoDescription

This indicates an attack attempt to exploit a Cross Context Scripting vulnerability in Maxthon3.
The vulnerability is due to a design error in the application when handling cross domain access to the "History" object. An attacker can exploit this by tricking an unsuspecting user into visiting a malicious webpage and execute arbitrary script code within the context of the targeted user.

affected-products-logoAffected Products

Maxthon 3.4.5.2000 and earlier versions

Impact logoImpact

System Compromise: Remote attackers can execute arbitrary script code in the context of the privileged browser zone.

recomended-action-logoRecommended Actions

Currently we are unaware of any vendor supplied patch for this issue.

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

http://blog.malerisch.net/2012/12/maxthon-cross-context-scripting-xcs-about-history-rce.html
ID 34203
Created Jan 03, 2013
Updated Jun 09, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Default Action drop
Active
Affected OS Windows
Affected App Other
Profile Type XSS