Update about reported XSS issue

Share this page

A couple of days ago, a video was circulated online that claimed Proton Mail is susceptible to a XSS (cross-site scripting) issue which raised some concerns among Proton Mail users. We want to clarify that this does not impact the current version of Proton Mail.

XSS issue

Proton Mail is constantly making security improvements through our beta process and we appreciate all the assistance we have received from the community in helping us make Proton Mail better. The concept of encrypting on the client side is a relatively new one and comes with its own security challenges which we are working diligently to tackle.

The Proton Mail security team has reviewed the video and confirmed that this particular security issue is not present on the live version of Proton Mail. The video is showing an earlier development version of Proton Mail that was originally released on May 10, 2014 for limited testing, and is not used in the current production systems.

We are supportive of all efforts to improve the security of Proton Mail and appreciative of our security contributors. Security inquiries can always be directed to security@proton.me

Share this page

Related articles

Ransomware attacks are on the rise. Experts now consider it as one of the biggest threats to businesses and organizations, presenting an evolving and continuous challenge to IT security teams.  In its 2021 report, IBM Security calculated that the gl
Cryptocurrency scams have cost people over a billion dollars — and they’re only becoming more prevalent. Learn what to look out for to avoid being scammed yourself.  The Washington Post recently reported that over $1 billion was lost to cryptocurren
Today is World Wide Web Day, when the world celebrates all the amazing things that were enabled when Sir Tim Berners-Lee, a member of our advisory board, created the building blocks of the web at the European Organization for Nuclear Research (CERN)