A funny WAF bypass was discovered by @coffinxp7. This bypass exploits an XSS vulnerability using the payload '<details x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:2 open ontoggle="prompt(document.cookie);">'. This vulnerability affects multiple WAF vendors. It allows an attacker to execute malicious JavaScript code and steal sensitive information like cookies. For more details, check out the blog post.
For more details, check out the original tweet here: https://twitter.com/XssPayloads/status/1798944656946065793