A CloudFront XSS WAF bypass has been discovered using the payload: <svg/onload=window["al"+"ert"]`1337`>. Steps to bypass include manipulating the alert function, replacing spaces, and encoding symbols. More details can be found in the tweet.
Check out the original tweet here: https://twitter.com/MahinMosharrof/status/1771972699835015615
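From the defender's side, the three steps named above explain why keyword matching misses this input, while a structural check and output encoding do not depend on how the handler is spelled. The following is an added example, not code from the tweet or from AWS: the signature list is a constructed stand-in for a keyword filter (not CloudFront's actual rules), and all function names are hypothetical.

```javascript
// Payload quoted on this page, used here only as test input.
const PAGE_PAYLOAD = '<svg/onload=window["al"+"ert"]`1337`>';

// Hypothetical keyword signatures (constructed; NOT CloudFront/AWS WAF rules).
const NAIVE_SIGNATURES = [
  /<\w+\s+on\w+\s*=/i, // tag, whitespace, then an event-handler attribute
  /alert\s*\(/i,       // literal call to alert(
  /<script\b/i,        // script tag
];

// Returns true when the keyword filter would block the input.
function naiveFilterBlocks(input) {
  return NAIVE_SIGNATURES.some((re) => re.test(input));
}

// Structural check: any tag carrying an on* attribute, whether the separator
// is whitespace or "/", regardless of what the handler body contains.
// Percent-encoding is undone first so encoded symbols are seen in the clear.
function hasInlineEventHandler(input) {
  let decoded = input;
  try { decoded = decodeURIComponent(input); } catch (_) { /* keep raw input */ }
  return /<[a-z][^>]*?[\s\/]on[a-z]+\s*=/i.test(decoded);
}

// Output encoding for HTML text and quoted attribute values: the mitigation
// that holds even when a request gets past the WAF.
function escapeHtml(input) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;', '`': '&#96;' };
  return String(input).replace(/[&<>"'`]/g, (ch) => map[ch]);
}

// Summarise how each control treats one input.
function report(input) {
  return {
    naiveBlocked: naiveFilterBlocks(input),
    structuralFlag: hasInlineEventHandler(input),
    encoded: escapeHtml(input),
  };
}

console.log(report(PAGE_PAYLOAD));
```

The structural flag is a detection aid for logs and WAF custom rules; the encoding step at render time is what actually neutralises the markup.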