Security Advisory
CVE-2025-66572
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victims browser context when they visit a crafted URL.