CVE-5: End-to-End Data Exfiltration Chain
CWE-200 | CVSS 8.6 | Combines CVE-2 + CVE-3 + CVE-4
Complete attack chain demo: A single external page performs GPS theft, triggers payment dialog,
and spoofs UI — all through JSBridge from an attacker-controlled URL loaded via DeepLink.
tradePay uses INVALID order (no real payment).
Initializing attack chain...