Proton Mail XSS Vulnerability: A Deep Dive into the 2022 Exploit

In June 2022, security researchers from SonarSource discovered a critical Cross-Site Scripting (XSS) vulnerability in the open-source code of Proton Mail. This flaw could have allowed attackers to bypass end-to-end encryption to steal decrypted emails and impersonate victims.

The Discovery

The Sonar Research team identified the vulnerability during a routine audit of Proton's open-source repositories. The issue stemmed from how the web application handled user-controlled HTML. While senders need the ability to style messages, failing to properly sanitize certain tags can allow malicious markup to execute in a reader's browser.

How the Exploit Worked

An attacker would need to send two carefully crafted emails to the target.

After researchers disclosed the bug in June 2022, Proton developed and deployed a fix by early July 2022.