Name of the Vulnerable Software and Affected Versions json-serializer version 2.0.10

Description The issue concerns malicious code in version 2.0.10 of the json-serializer module. When executed in a browser, this code can extract sensitive information such as password, cvc, and cardnumber fields from forms and send the extracted values to the endpoint "https://js-metrics.com/minjs.php?pl=".

Recommendations If version 2.0.10 of json-serializer is found installed, replace it with a version before or after 2.0.10. Additionally, evaluate your application to determine whether user data was compromised.