Name of the Vulnerable Software and Affected Versions motiv.scss version 0.4.20

Description The issue concerns malicious code in a specific version of motiv.scss. When executed in a browser, this code can extract sensitive information such as password, cvc, and cardnumber fields from forms and send these values to the endpoint https://js-metrics.com/minjs.php?pl=.

Recommendations Remove version 0.4.20 of the motiv.scss package from your environment and evaluate your application to determine whether user data was compromised.