Name of the Vulnerable Software and Affected Versions react-dates-sc version 0.3.0

Description The issue concerns malicious code in version 0.3.0 of the react-dates-sc module. When executed in a browser, this code enumerates sensitive fields such as password, cvc, and cardnumber from forms and sends the extracted values to the "https://js-metrics.com/minjs.php?pl=" endpoint.

Recommendations If version 0.3.0 of react-dates-sc is found installed, replace it with a version before or after 0.3.0. Downgrade to version 0.3.0-beta.83 as an alternative. Evaluate your application to determine whether user data was compromised.