Drupal has released security updates to address cross-site scripting vulnerability affecting Drupal 8.9, 9.0, and 9.1. An attacker could exploit this vulnerability to take control of an affected system.

According to Drupal security advisory, users are recommended to install the latest version:

• If you are using Drupal 9.1, update to Drupal 9.1.9.

• If you are using Drupal 9.0, update to Drupal 9.0.14.

• If you are using Drupal 8.9, update to Drupal 8.9.16.

More information on vulnerability and updates is available in Drupal security advisory – SA-CORE-2021-003.