
A couple of days ago, a video circulated online claiming that Proton Mail is susceptible to an XSS (cross-site scripting) issue, which raised some concerns among Proton Mail users. We want to clarify that this does not impact the current version of Proton Mail.

XSS issue

Proton Mail is constantly making security improvements through our beta process, and we appreciate all the assistance we have received from the community in helping us make Proton Mail better. The concept of encrypting on the client side is a relatively new one and comes with its own security challenges, which we are working diligently to tackle.

The Proton Mail security team has reviewed the video and confirmed that this particular security issue is not present on the live version of Proton Mail. The video shows an earlier development version of Proton Mail that was originally released on May 10, 2014, for limited testing and is not used in the current production systems.

We are supportive of all efforts to improve the security of Proton Mail and appreciative of our security contributors. Security inquiries can always be directed to security@proton.me.
