Description
Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked.
Remediation
References
Related Vulnerabilities
WordPress Plugin Sync to Etsy Marketplace from WooCommerce Cross-Site Request Forgery (3.3.1)
IBM RTC Improper Restriction of XML External Entity Reference Vulnerability (CVE-2016-0284)
WordPress Plugin Check & Log Email Cross-Site Scripting (0.5.1)
OpenSSL Observable Discrepancy Vulnerability (CVE-2003-0078)