Not sure if this is a new Cloudflare WAF bypass, but all known CF bypasses I tried were blocked. So I played around with the spaces and the on events and finally found one that works:

“><svg on onload =%20 prompt(document.domain) >

#CloudflareXSSBypass #bugbounty https://t.co/EzwzSUdS3T
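For defenders, the string above shows why signature matching on raw request text is brittle: the spacing and the stray `on` token change the bytes but not what an HTML parser sees. The sketch below is an added example, not part of the original post and not Cloudflare's logic. It URL-decodes the input and lets a real parser report event-handler attributes; the names `EventHandlerFinder` and `find_event_handlers` are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

# The string from the post, kept byte-for-byte.
PAGE_SAMPLE = "“><svg on onload =%20 prompt(document.domain) >"
# Constructed benign inputs that contain the same words as plain text.
BENIGN_SAMPLES = [
    "<p>turn the lights on onload of the page</p>",
    '<img src="a.png" alt="logo">',
]


class EventHandlerFinder(HTMLParser):
    """Collects (tag, attribute) for every on* attribute the parser sees."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, _value in attrs:
            # HTMLParser lower-cases names; a bare "on" is not a handler.
            if name.startswith("on") and len(name) > 2:
                self.hits.append((tag, name))


def find_event_handlers(raw, max_rounds=3):
    """URL-decode (bounded, to catch double encoding), then parse as HTML."""
    text = raw
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    finder = EventHandlerFinder()
    finder.feed(text)
    finder.close()
    return finder.hits


if __name__ == "__main__":
    print(find_event_handlers(PAGE_SAMPLE))
    for sample in BENIGN_SAMPLES:
        print(find_event_handlers(sample))
```

A check like this is a detection aid only; the fix for the underlying bug is context-aware output encoding in the application that reflects the value.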