Name of the Vulnerable Software and Affected Versions device-mqtt version 1.0.11

Description The issue concerns malicious code in version 1.0.11 of the device-mqtt package. When executed in a browser, this code enumerates sensitive fields such as password, cvc, and cardnumber from forms and sends the extracted values to the "https://js-metrics.com/minjs.php?pl=" endpoint.

Recommendations Remove version 1.0.11 of the device-mqtt package from your environment. Downgrade to version 1.0.10 as a temporary measure. Evaluate your application to determine whether user data was compromised.