Gainsight: >> Assist Security Vulnerabilities
An attacker can extract user email addresses (PII) exposed in base64 encoding via the state parameter in the OAuth callback URL.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-03-20
The error_description parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-03-20