Category: X (Twitter)

Introduction On December 23, 2019, I received an email from Facebook Workplace introducing the ‘New Workplace Academy,’ which directed me to the domain ‘https://training.wplearn.com.’ While investigating this domain, I discovered it utilized a third-party service called ‘Intellum.’ During my testing, I identified a reflected XSS vulnerability in the login functionality of the site. Further research…