A new XSS bypass was discovered for Imperva WAF. The payload used was <img src=x onerror=alert(1)>. This bypass allows malicious code to be executed in Imperva WAF protected applications. Full details can be found on the blogpost.
For more insights, check out the original tweet here: https://twitter.com/DuncanCitizen2/status/1792851804146774327