A Cross-Site Scripting (XSS) bypass was discovered for Cloudflare WAF. The bypass payload used was "><track/onerror='confirm1'>. This payload successfully evades the protections of Cloudflare WAF, allowing an attacker to execute malicious scripts on the target website. Security researchers should be aware of this vulnerability and website owners using Cloudflare WAF are advised to update their security measures to mitigate this XSS bypass.
For more insights, check out the original tweet here: https://twitter.com/MohammadAs94639/status/1777576116749742358