Cross-site Scripting (XSS)

Zinc is vulnerable to cross-site scripting. The vulnerability exists due to the delete template functionality in User.vue incorrectly escaping the id attribute before being rendered, allowing an attacker to inject and execute a malicious JavaScript payload...