Gainsight Assist Reflected Cross-Site Scripting Vulnerability
Vulnerability
A reflected cross-site scripting vulnerability has been identified in the Gainsight Assist plugin, specifically within the error_description parameter of the OAuth callback URL. This vulnerability allows an attacker to inject malicious HTML, which can be executed automatically in the victim's browser, particularly in Safari. The injection can bypass the domain's Web Application Firewall (WAF) and lead to client-side exploitation, such as resource exhaustion or malware delivery.
Impact
Exploitation of this vulnerability allows for reflected cross-site scripting, where injected scripts are executed in the context of the user's browser.
Reproduction
To reproduce this vulnerability, send a request to the Gainsight OAuth callback URL with a crafted error_description parameter that includes the malicious HTML payload. The payload should be designed to exploit Safari's onpagereveal event, which will trigger the execution of the injected script as soon as the page is loaded. Once the payload is executed, it can cause an infinite loop by repeatedly calling the same URL, leading to resource exhaustion or log flooding.
Remediation
Gainsight has implemented a server-side code-level fix for this vulnerability as of March 6, 2026. Users should ensure they are using the latest version of the Gainsight Assist plugin.