Pigggo

**Name of the Vulnerable Software and Affected Versions** Quiz And Survey Master plugin versions prior to 6.3.5 **Description** The issue allows an attacker to execute arbitrary HTML and JavaScript code. This can occur via the `from` or `till` parameter, and/or the `quiz id` parameter, in the admin/quiz-options-page.php component. The attack vector involves a reflected XSS that may execute when an Administrator clicks on a malicious URL while logged in. **Recommendations** For versions prior to 6.3.5, update to version 6.3.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin/quiz-options-page.php component to minimize the risk of exploitation. Avoid using the `from`, `till`, and `quiz id` parameters in the affected component until the issue is resolved.