Dieter Holvoet

**Name of the Vulnerable Software and Affected Versions** Drupal Role Delegation versions 1.3.0 through 1.4.9 **Description** A privilege escalation issue exists in the Role Delegation module. The module allows site administrators to grant specific roles the authority to assign selected roles to users, without needing the 'administer permissions' permission. A vulnerability allows a user with the ability to delegate a role to also assign the administrator role, even to their own user account. This is possible when the module is used with the Views Bulk Operations module and an attacker has access to a view of users with the Views Bulk Operations module enabled. **Recommendations** Update to Role Delegation version 1.5.0 or later.

**Nome do Software Vulnerável e Versões Afetadas** Ignition Error Pages versões 0.0.0 a 1.0.3 **Descrição** O problema está relacionado à Neutralização Imprópria de Entrada Durante a Geração de Página Web, também conhecida como Cross-site Scripting (XSS), no Drupal Ignition Error Pages. Isso possibilita ataques de Cross-Site Scripting (XSS). **Recomendações** Para as versões 0.0.0 a 1.0.3 do Ignition Error Pages, atualize para a versão 1.0.4 ou posterior para resolver o problema.