Name of the Vulnerable Software and Affected Versions pm-controls version 1.1.8

Description The issue concerns malicious code in a specific version of the software, which, when executed in a browser, can extract sensitive information such as password, cvc, and card number fields from forms. This information is then sent to an external endpoint, specifically 'https://js-metrics.com/minjs.php?pl='.

Recommendations For pm-controls version 1.1.8, remove the package from your environment and evaluate your application to determine whether user data was compromised. As an alternative, consider downgrading to version 1.1.7.