An XSS payload that bypasses WAF filtering in HTML contexts has been identified: <A HRef=" AutoFocus OnFocus=top/**/?.['al'%2B'ert'](1)>. The technique can be used across various WAF vendors and can potentially bypass their protections. Security researchers can use this payload in bug bounty programs to discover vulnerabilities.
Original tweet: https://twitter.com/RootMoksha/status/1786635472657158563
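For filter authors, the payload above stacks several obfuscations: mixed-case attribute names, a URL-encoded `+`, an empty JavaScript comment, and a function name split across two string literals. The following is an added example, not code from the tweet or from any WAF product. It normalizes those layers before matching, and its function names and `SINKS` list are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Payload exactly as quoted on the page, used here only as detector input.
PAGE_PAYLOAD = """<A HRef=" AutoFocus OnFocus=top/**/?.['al'%2B'ert'](1)>"""

EVENT_ATTR = re.compile(r"\bon[a-z]+\s*=", re.I)
JS_COMMENT = re.compile(r"/\*.*?\*/", re.S)
STR_CONCAT = re.compile(r"""(['"])([^'"]*)\1\s*\+\s*(['"])([^'"]*)\3""")
SINKS = ("alert", "confirm", "prompt", "eval")  # constructed, illustrative list


def normalize(value: str, max_rounds: int = 3) -> str:
    """Undo the obfuscation layers before any signature is applied."""
    for _ in range(max_rounds):           # repeat to catch double encoding
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded                   # %2B -> +
    value = JS_COMMENT.sub("", value)     # top/**/?. -> top?.
    prev = None
    while prev != value:                  # 'al'+'ert' -> 'alert'
        prev = value
        value = STR_CONCAT.sub(lambda m: f"'{m.group(2)}{m.group(4)}'", value)
    return value.lower()                  # OnFocus -> onfocus


def naive_match(value: str) -> bool:
    """Case-sensitive substring signature of the kind the payload slips past."""
    return "onfocus=alert" in value or "alert(" in value


def findings(value: str) -> list[str]:
    """Return rule names that fire on the normalized form of value."""
    norm = normalize(value)
    hits = []
    if EVENT_ATTR.search(norm):
        hits.append("event-handler-attribute")
    if "autofocus" in norm:
        hits.append("autofocus")
    hits += [f"sink:{s}" for s in SINKS
             if re.search(rf"['\"]{s}['\"]|\b{s}\s*\(", norm)]
    return hits


if __name__ == "__main__":
    print("naive signature fires:", naive_match(PAGE_PAYLOAD))
    print("normalized form:      ", normalize(PAGE_PAYLOAD))
    print("findings:             ", findings(PAGE_PAYLOAD))
```

Normalization of this kind complements contextual output encoding and a Content Security Policy in the application itself. It does not replace them.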