The tweet shows a bypass for a WAF that filters HTML tags. By placing the <!–> before the tags, the WAF can be bypassed. This is a Cross-Site Scripting (XSS) vulnerability. The vendor of the WAF is unknown. This bypass technique can be used to inject malicious scripts into a website. It is important for security teams to be aware of such bypass methods to ensure better protection against XSS attacks.
Check out the original tweet here: