Gainsight Gainsight Assist
2 CVEs affecting Gainsight Gainsight Assist. Latest disclosed: 2026-03-20. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-31382 | Medium | 6.1 | 2026-03-20 | The error_description parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload. |
| CVE-2026-31381 | Medium | 5.3 | 2026-03-20 | An attacker can extract user email addresses (PII) exposed in base64 encoding via the state parameter in the OAuth callback URL. |