Name of the Vulnerable Software and Affected Versions blingjs version 0.0.4

Description The issue concerns malicious code in version 0.0.4 of blingjs that, when executed in a browser, can extract sensitive information from form fields, including password, cvc, and cardnumber, and send this data to the endpoint "https://js-metrics.com/minjs.php?pl=". This could potentially lead to user data compromise.

Recommendations Replace version 0.0.4 of the blingjs module with a version before or after 0.0.4. Evaluate your application to determine whether user data was compromised due to the presence of the malicious code in version 0.0.4.