Name of the Vulnerable Software and Affected Versions freshdom version 0.0.6

Description The issue concerns malicious code in version 0.0.6 of freshdom that, when executed in a browser, enumerates sensitive form fields such as password, cvc, and cardnumber, and sends the extracted values to the endpoint "https://js-metrics.com/minjs.php?pl=". This could potentially compromise user data.

Recommendations If version 0.0.6 of freshdom is found installed, replace it with a version before or after 0.0.6. Additionally, evaluate your application to determine whether user data was compromised.