Submit #780669: AutohomeCorp frostmourne frostmourne <= 1.0 Server-Side Request Forgeryinfo

TitleAutohomeCorp frostmourne frostmourne <= 1.0 Server-Side Request Forgery
DescriptionFrostmourne contains a Server-Side Request Forgery (SSRF) vulnerability in the alarm preview functionality. The /alarm/previewData endpoint allows authenticated users to trigger arbitrary HTTP/HTTPS requests from the server without any URL validation and returns the HTTP response directly to the user, enabling attackers to access internal network resources, cloud metadata endpoints, and perform port scanning.
Source⚠️ https://fx4tqqfvdw4.feishu.cn/docx/GE4GdxBxKoSvBOxhkTRcsawlnhc?from=from_copylink
User
 xcxr (UID 86629)
Submission03/16/2026 07:25 (4 months ago)
Moderation03/31/2026 18:22 (15 days later)
StatusAccepted
VulDB entry354449 [AutohomeCorp frostmourne up to 1.0 Alarm Preview AlarmController.java server-side request forgery]
Points19

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!