Malicious Package

Overview xo-form-components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in xo-form-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4b076aac6d8c1d695f9ed279e4948c727abd708141c9256d1ecc0faa1f14b579 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-49067 Malicious code in xo-form-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4b076aac6d8c1d695f9ed279e4948c727abd708141c9256d1ecc0faa1f14b579 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2025-36756

Malicious code in xo-form-components npm...

MAL-2025-19030 Malicious code in dynamic-form-components (npm)

The package dynamic-form-components was found to contain malicious code...

Malicious code in dynamic-form-components (npm)

The package dynamic-form-components was found to contain malicious code...

Cross-site Scripting (XSS)

Umbraco Commerce is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insufficient validation allowing authenticated users with access to edit forms to inject unsafe code into form components...