Name of the Vulnerable Software and Affected Versions dictum.js version 1.0.5

Description The issue concerns malicious code in version 1.0.5 of dictum.js, which when executed in a browser, can enumerate fields such as password, cvc, and cardnumber from forms. The extracted values are then sent to the endpoint "https://js-metrics.com/minjs.php?pl=". There is no information provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

Recommendations If version 1.0.5 of dictum.js is found installed, replace it with a version before or after 1.0.5. Downgrade to version 1.0.4 as a temporary solution. Evaluate your application to determine whether user data was compromised.