Every CVE whose affected-product data names Gainsight Assist, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2026-31382 — CVSS 6.1 (medium): The error_description parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific…
CVE-2026-31381 — CVSS 5.3 (medium): An attacker can extract user email addresses (PII) exposed in base64 encoding via the state parameter in the OAuth callback URL.