An XSS payload can be hidden inside SVG or Math elements to bypass XSS sanitizers or WAF filters. This technique can be used to evade detection and execute malicious code on vulnerable websites. Security researchers should be aware of this bypass method and ensure their WAF configurations are robust against such attacks.
Original tweet: https://twitter.com/therceman/status/1808414390011437163
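One defensive response, as an added example that is not from the original tweet: a fail-closed pre-filter that rejects any user-supplied fragment containing an SVG or Math root and reports what was nested inside it for review. The names `ForeignContentAuditor`, `audit_fragment` and `is_allowed` are hypothetical, the sample inputs are constructed and benign, and Python's `html.parser` does not tokenize exactly like a browser, so this is a coarse gate placed in front of a real sanitizer, not a replacement for one.

```python
from html.parser import HTMLParser

# Roots that switch an HTML parser into a foreign (SVG / MathML) namespace.
FOREIGN_ROOTS = {"svg", "math"}


class ForeignContentAuditor(HTMLParser):
    """Records every <svg>/<math> root and the markup nested inside it."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.open_roots = []  # findings for roots that are still open
        self.findings = []    # one dict per foreign root seen

    def handle_starttag(self, tag, attrs):
        # html.parser lower-cases tag and attribute names, so <SVG> is caught.
        attr_names = sorted(name for name, _ in attrs)
        if self.open_roots:
            self.open_roots[-1]["nested"].append((tag, attr_names))
        if tag in FOREIGN_ROOTS:
            finding = {"root": tag, "line": self.getpos()[0],
                       "attrs": attr_names, "nested": []}
            self.findings.append(finding)
            self.open_roots.append(finding)

    def handle_endtag(self, tag):
        if tag in FOREIGN_ROOTS and self.open_roots:
            self.open_roots.pop()


def audit_fragment(fragment):
    """Return a finding for each SVG/Math root, including unclosed ones."""
    auditor = ForeignContentAuditor()
    auditor.feed(fragment)
    auditor.close()
    return auditor.findings


def is_allowed(fragment):
    """Fail closed: any SVG or Math root means the fragment is rejected."""
    return not audit_fragment(fragment)


if __name__ == "__main__":
    # Constructed, benign sample inputs.
    samples = ['<p>Quarterly <b>report</b></p>',
               '<p>chart:</p><SVG width="10"><circle r="4"/></SVG>',
               '<math><mi>x</mi>']
    for sample in samples:
        print(is_allowed(sample), audit_fragment(sample))
```
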