CVE-2026-31382 Gainsight Assist reflected XSS/HTML injection
The errordescription parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload...
CVE-2026-31382
CVE-2026-31382 (Gainsight Assist) is a reflected XSS in the error_description parameter. An attacker can bypass a domain WAF using a Safari-specific onpagereveal payload, enabling HTML/script injection. Public sources in the connected set confirm the vulnerability type as reflected XSS/HTML injec...
CVE-2026-31381 Gainsight Assist plugin information disclosure
An attacker can extract user email addresses (PII) exposed in base64 encoding via the state parameter in the OAuth callback URL...
CVE-2026-31381
CVE-2026-31381 and related entries describe a Gainsight Assist plugin information-disclosure vulnerability. The core issue is that user email addresses (PII) are exposed in base64-encoded form via the OAuth callback URL’s state parameter. This can allow an attacker to recover emails if the OAuth ...
CVE-2026-31381, CVE-2026-31382: Gainsight Assist Information Disclosure and Cross-Site Scripting (FIXED)
Overview Rapid7 Labs recently identified a chain of security vulnerabilities in the Gainsight Assist plugin and its interactions with the associated domain app.gainsight.com. These vulnerabilities include an Information Disclosure flaw CVE-2026-31381 and a Reflected Cross-Site Scripting XSS...
Gainsight Assist security vulnerability
Gainsight Assist is a customer communication template management tool developed by Gainsight Inc. There is a security vulnerability in Gainsight Assist, which stems from the state parameter in the OAuth callback URL exposing the base64-encoded user email address, potentially leading to personal...
Gainsight Assist security vulnerability
Gainsight Assist is a customer communication template management tool developed by Gainsight Inc. There is a security vulnerability in Gainsight Assist, which stems from improper handling of the errordescription parameter. This vulnerability may lead to reflective cross-site scripting attacks...
Gainsight Expands Impacted Customer List Following Salesforce Security Alert
Gainsight has disclosed that the recent suspicious activity targeting its applications has affected more customers than previously thought. The company said Salesforce initially provided a list of 3 impacted customers and that it has "expanded to a larger list" as of November 21, 2025. It did not...
ShinyHunters Breach Gainsight Apps on Salesforce, Claim Data from 1000 Firms
ShinyHunters breached Gainsight apps integrated with Salesforce, claiming access to data from 1000 firms using stolen credentials and compromised tokens...
Salesforce Flags Unauthorized Data Access via Gainsight-Linked OAuth Activity
Salesforce has warned of detected "unusual activity" related to Gainsight-published applications connected to the platform. "Our investigation indicates this activity may have enabled unauthorized access to certain customers' Salesforce data through the app's connection," the company said in an...
Malicious code in react-native-gainsight-px (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in nativescript-gainsight-px2 (npm)
Source: ossf-package-analysis 12143d1c19f403559d49925266742f6b2ca75a3fda8ed195a4e0189bf64dce70. The OpenSSF Package Analysis project identified 'nativescript-gainsight-px2' @ 1.11.3 (npm) as malicious. It is considered malicious because: - Th...
MAL-2025-19 Malicious code in nativescript-gainsight-px2 (npm)
Source: ossf-package-analysis 12143d1c19f403559d49925266742f6b2ca75a3fda8ed195a4e0189bf64dce70. The OpenSSF Package Analysis project identified 'nativescript-gainsight-px2' @ 1.11.3 (npm) as malicious. It is considered malicious because: - Th...
Malicious code in nativescript-gainsight-px (npm)
Source: ghsa-malware a623f285a8491c50ebbad0ad2a62988fbf68724329f6d7b0a7d30b1bf44ded73. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...