In general it depends on the protocol that is used for communication. If it for example were not authenticated HTTP, it could be remotely exploitable by a website that a user visits.