A new XSS WAF bypass technique has been discovered that places invisible separator characters, encoded as HTML entities, before or after the function name in an event handler. Payload examples:<br><br>&lt;img/src/onerror=alert&amp;#xFEFF;(1337)&gt;<br>&lt;svg/onload=&amp;nbsp;alert&amp;#65279;(2)&gt;<br><br>In these payloads, &amp;#xFEFF; and &amp;#65279; both encode U+FEFF (zero-width no-break space), and &amp;nbsp; encodes U+00A0 (no-break space). This bypass can be used to evade WAF protection for XSS vulnerabilities, so make sure to update your security measures to account for it.
For more insights, check out the original tweet here: https://twitter.com/RootMoksha/status/1808067082782925159. And don’t forget to follow @RootMoksha for more exciting updates in the world of cybersecurity.
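One way to account for this on the filtering side, as an added example that is not from the original post or tweet: decode HTML entities and neutralize invisible separators before a signature runs, since JavaScript treats U+FEFF and U+00A0 as whitespace. The two rules and the benign sample line are hypothetical and constructed for illustration.

```python
import html
import re
import unicodedata

# Payloads quoted from the post, plus one constructed benign line.
SAMPLES = [
    "<img/src/onerror=alert&#xFEFF;(1337)>",
    "<svg/onload=&nbsp;alert&#65279;(2)>",
    "<p>call alert support on 555-0100</p>",
]

# Hypothetical naive signature: event handler whose value is name + "(".
NAIVE_RULE = re.compile(r"on\w+\s*=\s*\w+\(", re.IGNORECASE)
# Same signature, applied after normalization, tolerating plain whitespace.
HARDENED_RULE = re.compile(r"on\w+\s*=\s*\w+\s*\(", re.IGNORECASE)


def normalize(raw: str) -> str:
    """Decode entities and neutralize invisible separators before matching."""
    text = raw
    for _ in range(3):  # bounded loop also unwraps double-encoded entities
        decoded = html.unescape(text)
        if decoded == text:
            break
        text = decoded
    out = []
    for ch in text:
        category = unicodedata.category(ch)
        if category == "Cf":      # format characters such as U+FEFF: drop
            continue
        out.append(" " if category == "Zs" else ch)  # U+00A0 etc. -> space
    return "".join(out)


def naive_hit(raw: str) -> bool:
    return NAIVE_RULE.search(raw) is not None


def hardened_hit(raw: str) -> bool:
    return HARDENED_RULE.search(normalize(raw)) is not None


if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"naive={naive_hit(sample)!s:5} hardened={hardened_hit(sample)!s:5} {sample}")
```

The naive rule misses both payloads from the post, while the normalized match flags them and leaves the benign line alone.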