Proton Mail XSS Vulnerability: A Deep Dive into the 2022 Exploit
The Sonar Research team identified the vulnerability during a routine audit of Proton's open-source repositories. The issue stemmed from how the web application handled user-controlled HTML. While senders need the ability to style messages, failing to properly sanitize certain tags can allow malicious tags to execute in a reader's browser. How the Exploit Worked Proton Exploit
Proton maintained its commitment to security through its Responsible Vulnerability Disclosure Policy . Proton Mail XSS Vulnerability: A Deep Dive into
An attacker would need to send two carefully crafted emails to the target. How the Exploit Worked Proton maintained its commitment
Shift the tone (e.g., for developers or simpler for general users).
Analysis of spam and virus filter logs showed no evidence of the exploit being used in the wild by malicious actors.