CVE-2005-0905
Maxthon 1.2.0 - Information Disclosure via m2_search_text Property
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2005-0905. PoCs published by Aviv Raff.
AI-analyzed exploit summary This exploit demonstrates an information disclosure vulnerability in Maxthon Web Browser by continuously polling the search bar contents via the `external.m2_search_text` property and displaying them in a text field.
Description
Maxthon 1.2.0 allows remote malicious web sites to obtain potentially sensitive data from the search bar via the m2_search_text property.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Aviv Raff · htmlremotewindows
https://www.exploit-db.com/exploits/25274
This exploit demonstrates an information disclosure vulnerability in Maxthon Web Browser by continuously polling the search bar contents via the `external.m2_search_text` property and displaying them in a text field.
Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
Maxthon Web Browser 1.2.0
No auth needed
Prerequisites:
Victim must use Maxthon Web Browser 1.2.0 or prior · Victim must visit the malicious webpage
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (5)
Core 5
Core References
Mailing List mailing-list
x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=111175236620942&w=2
Patch x_refsource_misc
http://forum.maxthon.com/forum/index.php?showtopic=18207
Vendor Advisory x_refsource_misc
http://www.raffon.net/advisories/maxthon/searchbarid.html
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/12898
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/14712
Scores
EPSS
0.0232
EPSS Percentile
81.2%
Details
Status
published
Products (1)
maxthon/maxthon
1.2
Published
May 02, 2005
Tracked Since
Feb 18, 2026