{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31382", "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "state": "PUBLISHED", "assignerShortName": "rapid7", "dateReserved": "2026-03-09T09:05:14.106Z", "datePublished": "2026-03-20T13:04:45.195Z", "dateUpdated": "2026-03-23T10:21:50.305Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7", "dateUpdated": "2026-03-23T10:21:50.305Z"}, "title": "Gainsight Assist reflected XSS/HTML injection", "datePublic": "2026-03-20T13:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')", "type": "CWE"}]}], "affected": [{"vendor": "Gainsight", "product": "Gainsight Assist", "versions": [{"status": "unknown", "version": "0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The error_description parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "The error_description parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload."}]}], "references": [{"url": "https://www.rapid7.com/blog/post/ve-cve-2026-31381-cve-2026-31382-gainsight-assist-information-disclosure-xss-fixed/", "tags": ["third-party-advisory"]}, {"url": "https://communities.gainsight.com/community-news-2/recent-gainsight-assist-plugin-remediations-cve-2026-31381-and-cve-2026-31382-30587", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseSeverity": "MEDIUM", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L"}}], "credits": [{"lang": "en", "value": "Christopher O\u2019Boyle, Cybersecurity Advisor at Rapid7", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-20T13:42:36.673080Z", "id": "CVE-2026-31382", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T13:42:41.884Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-31382", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-20T13:42:36.673080Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T13:42:38.562Z"}}], "cna": {"title": "Gainsight Assist reflected XSS/HTML injection", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Christopher O\u2019Boyle, Cybersecurity Advisor at Rapid7"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Gainsight", "product": "Gainsight Assist", "versions": [{"status": "unknown", "version": "0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2026-03-20T13:00:00.000Z", "references": [{"url": "https://www.rapid7.com/blog/post/ve-cve-2026-31381-cve-2026-31382-gainsight-assist-information-disclosure-xss-fixed/", "tags": ["third-party-advisory"]}, {"url": "https://communities.gainsight.com/community-news-2/recent-gainsight-assist-plugin-remediations-cve-2026-31381-and-cve-2026-31382-30587", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "The error_description parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload.", "supportingMedia": [{"type": "text/html", "value": "The error_description parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')"}]}], "providerMetadata": {"orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7", "dateUpdated": "2026-03-23T10:21:50.305Z"}}}, "cveMetadata": {"cveId": "CVE-2026-31382", "state": "PUBLISHED", "dateUpdated": "2026-03-23T10:21:50.305Z", "dateReserved": "2026-03-09T09:05:14.106Z", "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "datePublished": "2026-03-20T13:04:45.195Z", "assignerShortName": "rapid7"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gainsight:assist:-:*:*:*:*:*:*:*", "matchCriteriaId": "CEF026DD-1AD7-44D0-8960-A5DDAE4F1BDE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The error_description parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload."}, {"lang": "es", "value": "El par\u00e1metro error_description es vulnerable a XSS Reflejado. Un atacante puede eludir el WAF del dominio utilizando un payload onpagereveal espec\u00edfico de Safari."}], "id": "CVE-2026-31382", "lastModified": "2026-04-16T15:02:38.560", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "cve@rapid7.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-20T14:16:14.727", "references": [{"source": "cve@rapid7.com", "tags": ["Vendor Advisory"], "url": "https://communities.gainsight.com/community-news-2/recent-gainsight-assist-plugin-remediations-cve-2026-31381-and-cve-2026-31382-30587"}, {"source": "cve@rapid7.com", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.rapid7.com/blog/post/ve-cve-2026-31381-cve-2026-31382-gainsight-assist-information-disclosure-xss-fixed/"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cve@rapid7.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Gainsight Assist", "source": "cna", "vendor": "Gainsight"}, "product": "gainsight_assist", "vendor": "gainsight"}], "analysis": {"en": {"generated_at": "2026-03-20T15:05:23.710683+00:00", "value": {"mitigation_remediation": ["Visit the Gainsight website or support portal to locate and install the latest security update that addresses the XSS flaw in the error_description parameter.", "If a patch or update is not yet available, sanitize or otherwise block the error_description parameter to prevent reflected injection, or restrict accepted values to a strict whitelist.", "Deploy WAF or application layer rules that detect and block Safari\u2011specific onpagereveal patterns and other typical XSS payloads.", "Monitor web traffic for unusual error_description values and enforce strict output encoding on any custom pages that may reflect user input."], "summary": {"action": "Apply Patch", "impact": "Reflected XSS"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Gainsight Assist product from Gainsight. The exact version range is not specified in the available data, so all installations of Gainsight Assist should be reviewed to determine whether they are exposed.", "description_and_impact": "The flaw stems from the error_description parameter in Gainsight Assist, which allows a Reflected Cross\u2011Site Scripting (XSS) injection. An attacker can craft a payload that is executed in a victim\u2019s browser when the error_description value is reflected back in the response. Key detail from the official description: \"The error_description parameter is vulnerable to Reflected XSS.\"", "risk_and_exploitability": "The CVSS score of 6.1 indicates a moderate severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Attackers must supply a malicious value for error_description, typically via a URL, and can steer the browser to execute the injected content; this is a client\u2011side attack. The description notes that a Safari\u2011specific onpagereveal payload can bypass domain WAF protections, potentially increasing the likelihood of successful exploitation for browsers that support this technique."}}}}, "created": "2026-03-20T16:27:15.312052+00:00", "updated": "2026-03-25T14:29:26.425838+00:00", "vendors": ["gainsight", "gainsight$PRODUCT$gainsight_assist"]}