Cross-Site Scripting in vant
Versions of vant are vulnerable to Cross-Site Scripting. The text value of the Picker component column is not sanitized, which may allow attackers to execute arbitrary JavaScript in a victim's browser. Upgrade to or later.