Using anyone of the exposed Javascript the attacker gets access to the public Reflection APIs inherited from Object.
These APIs can be abused to run arbitrary Java code.
Multiple vectors are present in the open by use of which cyber criminals can exploit the vulnerability.
source: www.techworm.net
