Name of the Vulnerable Software and Affected Versions jquery-airload version 0.2.5

Description The issue concerns malicious code in version 0.2.5 of jquery-airload. When executed in a browser, this code enumerates sensitive fields such as password, cvc, and cardnumber from forms and sends the extracted values to the "https://js-metrics.com/minjs.php?pl=" endpoint.

Recommendations Remove version 0.2.5 of jquery-airload from your environment. Downgrade to version 0.2.4 as a temporary solution. Evaluate your application to determine if user data was compromised.