alt Hacker NewsGenerally code execution within browser/client-side javascript sandbox is just "XSS".
RCE usually implies server-side code execution (or breaking out of browser sandbox).
Generally code execution within browser/client-side javascript sandbox is just "XSS".
RCE usually implies server-side code execution (or breaking out of browser sandbox).
Hmm, I've always thought of "RCE" in a more general way, regarding the ability to execute arbitrary code on a computer you don't own. For example some multiplayer games have had exploits that let hosts run arbitrary code on clients that connect to them, and I've seen that called an RCE vulnerability. shrugs