A bypass for the Cloudflare WAF has been identified that uses a crafted XSS payload. The payload relies on HTML entity encoding to evade the WAF's filters and execute a malicious script. It combines a link, a script tag, and an alert(1) call that triggers an alert box. The bypass highlights the importance of thorough input validation in preventing XSS attacks.
For more insights, check out the original tweet here: https://twitter.com/Esparta6108713/status/1779257627622388002
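The validation point above, as an added example that is not from the tweet or from Cloudflare: a filter that matches raw text misses entity-encoded input, while a check that decodes character references first and then allowlists the link scheme does not. The pattern, the allowed schemes, the function names and the sample values are all assumptions constructed for illustration; none of them is the payload from the tweet.

```python
import html
import re

ALLOWED_SCHEMES = {"http", "https", "mailto"}  # assumed policy for this example
# Toy raw-text signature (hypothetical, not a Cloudflare rule).
NAIVE_PATTERN = re.compile(r"javascript:|<script", re.IGNORECASE)
SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.\-]*):")
C0_AND_SPACE = "".join(chr(c) for c in range(0x21))


def naive_filter_allows(value: str) -> bool:
    """Match on the raw request text, before any decoding."""
    return NAIVE_PATTERN.search(value) is None


def canonical_href(value: str) -> str:
    """Approximate what the browser sees: decode character references, drop
    tab/CR/LF, trim leading and trailing control characters and spaces."""
    decoded = html.unescape(value)
    decoded = re.sub(r"[\t\r\n]", "", decoded)
    return decoded.strip(C0_AND_SPACE).lower()


def href_is_allowed(value: str) -> bool:
    """Allow relative URLs and allowlisted schemes, judged after decoding."""
    match = SCHEME_RE.match(canonical_href(value))
    return match is None or match.group(1) in ALLOWED_SCHEMES


# Constructed sample link targets (not taken from the tweet).
SAMPLES = [
    "https://example.com/?q=1",
    "/docs/page",
    "javascript:alert(1)",
    "javascript&colon;alert(1)",   # named character reference
    "&#106;avascript:alert(1)",    # numeric character reference
]


def audit(samples=SAMPLES):
    """Return (value, naive_allows, allowlist_allows) for each sample."""
    return [(s, naive_filter_allows(s), href_is_allowed(s)) for s in samples]


if __name__ == "__main__":
    for value, naive_ok, allow_ok in audit():
        print(f"{value!r:32} naive_allows={naive_ok!s:5} allowlist_allows={allow_ok}")
```

This check covers only link targets; context-aware output encoding when the value is rendered remains the primary control against XSS.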