Hacker News new | comments | show | ask | jobs | submit login

My name is on https://protonmail.ch/blog/protonmail-security-contributors/ because I reported a critical XSS vulnerability to them when they were previously mentioned on here.

All you needed to do was send an email which contained a From header with script embedded in the name part:

  From: "<script>Do evil</script>" <address@example.com>
All I did to find this vulnerability was sign up for an account and then plonk the email address they gave me into https://emailprivacytester.com/ (of which I am the author)



Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: