Drupal has released security updates to address vulnerabilities (CVE-2021-41165, CVE-2021-41164) that could affect versions 8.9, 9.1, and 9.2. An attacker could exploit these vulnerabilities to perform cross-site scripting (XSS) and take control of an affected system.

According to Drupal security advisories, users are recommended to install the latest version:

If using Drupal 9.2, update to Drupal 9.2.9.

If using Drupal 9.1, update to Drupal 9.1.14.

If using Drupal 8.9, update to Drupal 8.9.20.

Source: drupal.org