Name of the Vulnerable Software and Affected Versions xoc version 1.0.7

Description The issue concerns malicious code in version 1.0.7 of the xoc module. When executed in a browser, this code enumerates sensitive fields such as password, cvc, and cardnumber from forms and sends the extracted values to the "https://js-metrics.com/minjs.php?pl=" endpoint.

Recommendations Replace version 1.0.7 with a version before or after 1.0.7. Downgrade to version 1.0.5 as an alternative. Evaluate your application to determine if user data was compromised.