Vendor
Loadedcommerce
Products
1
CVEs
2
Across products
2
Status
Private
Products
1- 2 CVEs
Recent CVEs
2| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-66572 | Med | 0.45 | — | 0.00 | Dec 4, 2025 | Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victim's browser context when they visit a crafted URL. | ||
| CVE-2014-5140 | 0.00 | — | 0.03 | Jan 3, 2020 | The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : (colon) characters, which allows remote authenticated users to conduct SQL injection attacks via the First name and Last name fields in the address book. |
- risk 0.45cvss —epss 0.00
Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victim's browser context when they visit a crafted URL.
- CVE-2014-5140Jan 3, 2020risk 0.00cvss —epss 0.03
The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : (colon) characters, which allows remote authenticated users to conduct SQL injection attacks via the First name and Last name fields in the address book.