Hmm, I've always thought of "RCE" in a more general way, regarding the ability to exe...

llmslave2 • last Friday at 8:05 PM • 1 reply • view on HN

Hmm, I've always thought of "RCE" in a more general way, regarding the ability to execute arbitrary code on a computer you don't own. For example some multiplayer games have had exploits that let hosts run arbitrary code on clients that connect to them, and I've seen that called an RCE vulnerability. shrugs

Replies

collinmanderson • last Saturday at 8:12 PM

If it’s running code outside of a normal browser sandbox then, yes it’s a RCE. Because it can now access to nearly everything on the user’s computer, including their browser, email, etc.

XSS is limited to accessing just that one website.

alt Hacker News

Replies