ASP.NET Core is vulnerable to privilege escalation. When an ASP.NET Core web application is created using vulnerable project templates, the application fails to properly sanitize web requests. An attacker is able to exploit the vulnerability by sending an email to the user containing a malicious link and when clicked, performs content injection attacks and run scripts in the security context of the logged-on user.
CPE | Name | Operator | Version |
---|---|---|---|
microsoft.aspnetcore.spaservices | eq | 2.2.0 | |
microsoft.aspnetcore.spaservices | le | 2.1.1 |