Filtered by vendor Gainsight
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-31381 | 1 Gainsight | 1 Gainsight Assist | 2026-03-20 | 5.3 Medium |
| An attacker can extract user email addresses (PII) exposed in base64 encoding via the state parameter in the OAuth callback URL. | ||||
| CVE-2026-31382 | 1 Gainsight | 1 Gainsight Assist | 2026-03-20 | 6.1 Medium |
| The error_description parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload. | ||||
Page 1 of 1.