Medium severityNVD Advisory· Published Dec 4, 2025· Updated Apr 15, 2026

CVE-2025-66572

Description

Loaded Commerce 6.6 contains a client-side template injection vulnerability that allows unauthenticated attackers to execute code on the server via the search parameter.

Affected products

Loadedcommerce/Loadedcommerceinferred
Range: =6.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

loadedcommerce.comnvd
www.exploit-db.com/exploits/52084nvd
www.vulncheck.com/advisories/loaded-commerce-66-client-side-template-injectioncstinvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000