Hacker News
by llmslave2 182 days ago
Everybody knows that XSS is a client-side exploit. You're acting naive by pretending like we're claiming it gives access to a server and ignoring the fact that having control of the client gives you de facto control of whatever account is logged into the client.
1 comments

It is not as cool as the RPC exploit of React/Next.js where you could call any function on the server side, including “vm.sysexec” or whatever it was, but still not to be fully ignored.