Proton news(new window)

Update about reported XSS issue

Share this page

Last update on July 11, 2022 Published on July 8, 2014

A couple of days ago, a video was circulated online that claimed Proton Mail is susceptible to a XSS (cross-site scripting) issue which raised some concerns among Proton Mail users. We want to clarify that this does not impact the current version of Proton Mail(new window).

XSS issue

Proton Mail is constantly making security improvements through our beta process and we appreciate all the assistance we have received from the community in helping us make Proton Mail better. The concept of encrypting on the client side is a relatively new one and comes with its own security challenges which we are working diligently to tackle.

The Proton Mail security team has reviewed the video and confirmed that this particular security issue is not present on the live version of Proton Mail. The video is showing an earlier development version of Proton Mail that was originally released on May 10, 2014 for limited testing, and is not used in the current production systems.

We are supportive of all efforts to improve the security of Proton Mail and appreciative of our security contributors(new window). Security inquiries can always be directed to security@proton.me

Protect your privacy with Proton

Create a free account

Related articles

For business

Introducing seamless productivity features for Proton Mail and Proton Calendar

Secure, seamless communication is the foundation of every business. As more organizations secure their data with Proton, we’ve dramatically expanded our ecosystem with new products and services, from our password manager to Dark Web Monitoring for cr

what is a brute force attack

Privacy basics

What is a brute force attack?

On the subject of cybersecurity, one term that often comes up is brute force attack. A brute force attack is any attack that doesn’t rely on finesse, but instead uses raw computing power to crack security or even the underlying encryption. In this a

Privacy deep dives

A closer look at US warrantless surveillance programs

Section 702 of the Foreign Intelligence Surveillance Act has become notorious as the legal justification allowing federal agencies like the NSA, CIA, and FBI to perform warrantless wiretaps, which sweep up the data of hundreds of thousands of US citi

Privacy basics

What to do if your data is leaked?

In response to the growing number of data breaches, Proton Mail offers a feature to paid subscribers called Dark Web Monitoring. Our system checks if your credentials or other data have been leaked to illegal marketplaces and alerts you if so. Often

Proton news

Introducing Dark Web Monitoring for credential leaks

Your email address is your online identity, and you share it whenever you create a new account for an online service. While this offers convenience, it also leaves your identity exposed if hackers manage to breach the services you use. Data breaches

proton pass f-droid

Proton news

Proton Pass open source password manager is now available on F-Droid

Our mission at Proton is to help usher in an internet that protects your privacy by default, secures your data, and gives you the freedom of choice. Today we’re taking another step in this direction with the launch of our open source password manage