CVE-2022-43673

Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages can be retrieved for a limited period of time from the AppData\Roaming\Wire\IndexedDB\httpsapp.wire.com0.indexeddb.leveldb database...

CVE-2022-29168 Cross Site Scripting in Wire Messages

Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering @mentions in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim...