Name of the Vulnerable Software and Affected Versions simple-alipay version 1.0.1

Description The issue concerns malicious code in version 1.0.1 of the simple-alipay module. When executed in a browser, this code enumerates sensitive fields such as password, cvc, and cardnumber from forms and sends the extracted values to the endpoint "https://js-metrics.com/minjs.php?pl=".

Recommendations For version 1.0.1, replace it with a version before or after 1.0.1. Downgrade to version 1.0.0 as a temporary solution. Evaluate your application to determine whether user data was compromised.