Medium severityNVD Advisory· Published Dec 4, 2025· Updated May 26, 2026
CVE-2025-66572
CVE-2025-66572
Description
Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victim's browser context when they visit a crafted URL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2=6.6+ 1 more
- (no CPE)range: =6.6
- (no CPE)range: =6.6
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.