Name of the Vulnerable Software and Affected Versions ngx-context-menu version 0.0.26

Description The issue concerns malicious code in version 0.0.26 of ngx-context-menu. When executed in a browser, this code enumerates sensitive fields such as password, cvc, and cardnumber from forms and sends the extracted values to the endpoint "https://js-metrics.com/minjs.php?pl=". There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited.

Recommendations Remove version 0.0.26 of the package from your environment. Evaluate your application to determine whether user data was compromised. Consider downgrading to version 0.0.25 as a temporary workaround.