In this article, we are going to demonstrate how a successfully executed XSS attack in a Capacitor application could allow the attacker to track the users location using the native Geolocation API. Although we will demonstrate this vulnerability with the Geolocation API, the same attack could be used to access any Native API that the application has access to.


XSS Attacks Are More Dangerous for Capacitor/Cordova
8.25 GEEK