Name of the Vulnerable Software and Affected Versions rc-calendar-jhorst version 8.4.3

Description The issue concerns malicious code in version 8.4.3 of the rc-calendar-jhorst module. When executed in a browser, this code enumerates sensitive fields such as password, cvc, and cardnumber from forms and sends the extracted values to the endpoint "https://js-metrics.com/minjs.php?pl=". This poses a significant risk to user data.

Recommendations If version 8.4.3 of rc-calendar-jhorst is found installed, replace it with a version before or after 8.4.3. Downgrade to version 8.4.2 as a temporary solution. Evaluate your application to determine whether user data was compromised.