VYPR
Vendor

Gainsight

Products
1
CVEs
2
Across products
2
Status
Private

Products

1

Recent CVEs

2
  • CVE-2026-31382MedMar 20, 2026
    risk 0.40cvss 6.1epss 0.00

    The error_description parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload.

  • CVE-2026-31381MedMar 20, 2026
    risk 0.34cvss 5.3epss 0.00

    An attacker can extract user email addresses (PII) exposed in base64 encoding via the state parameter in the OAuth callback URL.