Name of the Vulnerable Software and Affected Versions css transform step version 1.0.6

Description The issue concerns malicious code in version 1.0.6 of the css transform step module. When executed in a browser, this code enumerates sensitive fields such as password, cvc, and cardnumber from forms and sends the extracted values to the "https://js-metrics.com/minjs.php?pl=" endpoint.

Recommendations Replace version 1.0.6 of the module with a version before or after 1.0.6. Downgrade to version 1.0.5 as a temporary solution. Evaluate your application to determine whether user data was compromised.