Name of the Vulnerable Software and Affected Versions precode.js version 1.1.1

Description The issue concerns malicious code in the specified version of precode.js, which when executed in a browser, can extract sensitive information such as password, cvc, and cardnumber fields from forms. This information is then sent to the endpoint "https://js-metrics.com/minjs.php?pl=". There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited.

Recommendations For precode.js version 1.1.1, remove the package from your environment and evaluate your application to determine whether or not user data was compromised. Consider downgrading to version 1.1.0 as a temporary workaround.