Description
The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers.
Remediation
References
Related Vulnerabilities
WordPress Plugin SendPress Newsletters Cross-Site Scripting (1.20.7.10)
WordPress Plugin Site Kit by Google Security Bypass (1.7.1)
WordPress Plugin Responsive WordPress Slider-Avartan Slider Lite Cross-Site Scripting (1.4)
WordPress Plugin Movies Cross-Site Scripting (0.6)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-4962)