Drupal releases security updates
Drupal has released security updates to address moderately critical vulnerabilities (CVE-2022-24728, CVE-2022-24729) affecting Drupal 9.2 and 9.3. An attacker could exploit some of these vulnerabilities to trigger cross-site scripting, remote code execution, security restriction bypass or a denial-of-service condition on the targeted system.
According to the Drupal security advisory, users are advised to install the latest version:
If you are using Drupal 9.3, update to Drupal 9.3.8.
If you are using Drupal 9.2, update to Drupal 9.2.15.
More information on the vulnerabilities and updates is available in the Drupal security advisory SA-CORE-2022-005.
18 March 2022