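A new XSS bypass for the Cloudflare WAF has been discovered. The payload used is %3CSVG/oNlY=1%20ONlOAD=confirm(document.domain)%3E, which URL-decodes to <SVG/oNlY=1 ONlOAD=confirm(document.domain)>: an SVG tag with mixed-case names, a slash in place of the space after the tag name, a filler attribute, and an onload handler that calls confirm(document.domain). Because the WAF lets this request through, an attacker can execute malicious scripts on a target website that reflects the value into the page without encoding it. A detailed blog post will cover the technical details of this bypass, including the product affected, the vendor, and the implications of the vulnerability.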
For more insights, check out the original tweet here: https://twitter.com/akaclandestine/status/1781242850081923256
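
A defensive check built around the payload quoted above, added here as an example; it is not code from the tweet, the blog post, or Cloudflare, and it does not model Cloudflare's rules. The function names are hypothetical. It decodes the value, parses it with a real HTML tokenizer so that case and separator tricks are normalised, and shows the output encoding that neutralises the value at the origin.

```python
import html
from html.parser import HTMLParser
from urllib.parse import unquote

# The payload exactly as quoted on this page (URL-encoded form).
PAGE_PAYLOAD = "%3CSVG/oNlY=1%20ONlOAD=confirm(document.domain)%3E"


def decode_layers(value, max_rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded input is seen in the clear."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


class _OnAttributeFinder(HTMLParser):
    """Records (tag, attribute) for every attribute whose name starts with 'on'."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so 'ONlOAD' arrives as
        # 'onload', and it accepts '/' as a separator after the tag name.
        for name, _value in attrs:
            if name.startswith("on") and len(name) > 2:
                self.hits.append((tag, name))


def find_on_attributes(raw_param):
    """Conservative alerting check: any tag carrying an on* attribute is reported.
    This over-reports on purpose (the filler 'only' attribute is flagged too)."""
    finder = _OnAttributeFinder()
    finder.feed(decode_layers(raw_param))
    finder.close()
    return finder.hits


def render_safe(param_value):
    """The actual fix at the origin: HTML-encode the value before reflecting it."""
    return html.escape(param_value, quote=True)


if __name__ == "__main__":
    print(find_on_attributes(PAGE_PAYLOAD))
    print(render_safe(decode_layers(PAGE_PAYLOAD)))
```

The finder is suited to alerting on request logs; the encoding step is what removes the dependency on any WAF rule catching a given variant.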