Zinc is vulnerable to cross-site scripting. The vulnerability exists due to the delete template functionality in User.vue
incorrectly escaping the id
attribute before being rendered, allowing an attacker to inject and execute a malicious JavaScript payload.