Submeter #768949: AutohomeCorp frostmourne <=1.0 remote code executioninformação

TítuloAutohomeCorp frostmourne <=1.0 remote code execution
DescriçãoA critical remote code execution vulnerability exists in Frostmourne's alarm expression evaluation system. Authenticated administrative users can inject arbitrary JavaScript code via the alarm configuration interface, which is then executed by the Nashorn script engine without validation, leading to complete server compromise.
Fonte⚠️ https://github.com/AnalogyC0de/public_exp/issues/17
Utilizador
 Ana10gy (UID 93358)
Submissão27/02/2026 08h13 (há 1 mês)
Moderação11/03/2026 14h39 (12 days later)
EstadoAceite
Entrada VulDB350397 [AutohomeCorp frostmourne até 1.0 Oracle Nashorn JavaScript Engine ExpressionRule.java scriptEngine.eval EXPRESSION Elevação de Privilégios]
Pontos18

VoltarVisão GeralPróximo

Want to know what is going to be exploited?

We predict KEV entries!