SA-CONTRIB-2009-069 - Shared Sign On - Cross Site Scripting
The Shared Sign On module enables users to log into one Drupal site and be automatically logged into multiple related Drupal sites. The module suffers multiple vulnerabilities, including Cross Site Request Forgeries CSRF and Session fixation problem Session Fixation. This problem allows an attack...