CVE-2025-66572

Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victim's browser context when they visit a crafted URL...

CVE-2025-66572

Loaded Commerce 6.6 is affected by a client-side template injection vulnerability that allows unauthenticated attackers to execute code on the server via the search parameter . The root cause is CSTI in the template handling, enabling remote code execution. Public documentation notes there is cur...

CVE-2025-66572 Loaded Commerce 6.6 Client-Side Template Injection (CSTI)

Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victim's browser context when they visit a crafted URL...

CVE-2025-66572

Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victim's browser context when they visit a crafted URL...

PT-2025-49140

Name of the Vulnerable Software and Affected Versions Loaded Commerce version 6.6 Description Loaded Commerce version 6.6 has a client-side template injection issue. This allows unauthenticated attackers to execute code on the server through the search parameter. The issue allows for code...

Loaded Commerce 6.6 - Client-Side Template Injection(CSTI)

Exploit Title: Loaded Commerce 6.6 Client-Side Template InjectionCSTI Date: 03/13/2025 Exploit Author: tmrswrr Vendor Homepage: https://loadedcommerce.com/ Version: 6.6 Tested on: https://www.softaculous.com/apps/ecommerce/LoadedCommerce Injecting 77 into the search parameter...