ASP.NET Core is vulnerable to a privilege escalation vulnerability. This is due to a failure to properly sanitise web requests when an ASP.NET Core web application is created using vulnerable project templates, resulting in content-injection attacks which allow scripts to be executed in the context of the authenticated user.