CVE-2025-66572

UNKNOWN 0.0

Loaded Commerce 6.6 Client-Side Template Injection (CSTI)

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victim's browser context when they visit a crafted URL.

CWE	CWE-78
Vendor	loadedcommerce
Product	loaded commerce
Published	Dec 4, 2025
Last Updated	May 26, 2026

Stay Ahead of the Next One

Get instant alerts for loadedcommerce loaded commerce

Be the first to know when new unknown vulnerabilities affecting loadedcommerce loaded commerce are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

loadedcommerce / Loaded Commerce

6.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/52084 loadedcommerce.com: https://loadedcommerce.com/ vulncheck.com: https://www.vulncheck.com/advisories/loaded-commerce-66-client-side-template-injectioncsti

Credits

tmrswrr