If it’s running code outside of a normal browser sandbox then, yes it’s a RCE. Because it can now access to nearly everything on the user’s computer, including their browser, email, etc.
XSS is limited to accessing just that one website.
If it’s running code outside of a normal browser sandbox then, yes it’s a RCE. Because it can now access to nearly everything on the user’s computer, including their browser, email, etc.
XSS is limited to accessing just that one website.