Lucene search
K

9 matches found

Vulnrichment
Vulnrichment
added 2026/03/20 1:4 p.m.4 views

CVE-2026-31382 Gainsight Assist reflected XSS/HTML injection

The errordescription parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload...

6.1CVSS5.8AI score0.00303EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/20 1:4 p.m.26 views

CVE-2026-31382 Gainsight Assist reflected XSS/HTML injection

The errordescription parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload...

6.1CVSS0.00245EPSS
Exploits1References2
CVE
CVE
added 2026/03/20 1:4 p.m.7 views

CVE-2026-31382

CVE-2026-31382 (Gainsight Assist) is a reflected XSS in the error_description parameter. An attacker can bypass a domain WAF using a Safari-specific onpagereveal payload, enabling HTML/script injection. Public sources in the connected set confirm the vulnerability type as reflected XSS/HTML injec...

6.1CVSS5.8AI score0.00303EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/20 1:2 p.m.23 views

CVE-2026-31381 Gainsight Assist plugin information disclosure

An attacker can extract user email addresses PII exposed in base64 encoding via the state parameter in the OAuth callback URL...

5.3CVSS0.00303EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/20 1:2 p.m.4 views

CVE-2026-31381 Gainsight Assist plugin information disclosure

An attacker can extract user email addresses PII exposed in base64 encoding via the state parameter in the OAuth callback URL...

5.3CVSS5.8AI score0.00303EPSS
Exploits1References2
CVE
CVE
added 2026/03/20 1:2 p.m.6 views

CVE-2026-31381

CVE-2026-31381 and related entries describe a Gainsight Assist plugin information-disclosure vulnerability. The core issue is that user email addresses (PII) are exposed in base64-encoded form via the OAuth callback URL’s state parameter. This can allow an attacker to recover emails if the OAuth ...

5.3CVSS5.8AI score0.00303EPSS
Exploits0References2Affected Software1
Rapid7 Blog
Rapid7 Blog
added 2026/03/20 1:0 p.m.7 views

CVE-2026-31381, CVE-2026-31382: Gainsight Assist Information Disclosure and Cross-Site Scripting (FIXED)

Overview Rapid7 Labs recently identified a chain of security vulnerabilities in the Gainsight Assist plugin and its interactions with the associated domain app.gainsight.com. These vulnerabilities include an Information Disclosure flaw CVE-2026-31381 and a Reflected Cross-Site Scripting XSS...

6.1CVSS5.8AI score0.00303EPSS
Exploits1
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.11 views

Gainsight Assist 安全漏洞

Gainsight Assist is a customer communication template management tool developed by Gainsight Inc. There is a security vulnerability in Gainsight Assist, which stems from the state parameter in the OAuth callback URL exposing the base64-encoded user email address, potentially leading to personal...

6.1CVSS6AI score0.00303EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.11 views

Gainsight Assist 安全漏洞

Gainsight Assist is a customer communication template management tool developed by Gainsight Inc. There is a security vulnerability in Gainsight Assist, which stems from improper handling of the errordescription parameter. This vulnerability may lead to reflective cross-site scripting attacks...

6.1CVSS5.9AI score0.00303EPSS
Exploits1References1
Rows per page
Query Builder