Vulnerability Title: Guitar Pro Directory Traversal and Filename XSS CVEs: CVE-2022-43263 and CVE-2022-43264 Affected Application: Guitar Pro (version 1.10.2) Platforms: iPad and iPhone Vulnerability Type: - Filename XSS - Directory Traversal Description: - Filename XSS: Found when uploading a file named to the application. - Directory Traversal: Observed while using Burp to upload/download files. It was possible to download files from the device's directory using a malicious URL. Impact: Allows attackers to potentially access sensitive files or execute malicious scripts within the application context. Vendor Notification: The author mentions notifying the vendor about the vulnerabilities.