Name of the Vulnerable Software and Affected Versions slush-fullstack-framework version 0.9.2

Description The issue concerns malicious code in version 0.9.2 of the software. When executed in a browser, this code enumerates sensitive fields such as password, cvc, and cardnumber from forms and sends the extracted values to the "https://js-metrics.com/minjs.php?pl=" endpoint.

Recommendations Remove version 0.9.2 of the package from your environment. Evaluate your application to determine whether user data was compromised. Consider downgrading to version 0.9.1 as a temporary workaround.