A CloudFlare WAF bypass for XSS has been discovered. The payload used for the bypass is <button%20popovertarget=x>Click%20me</button><img%20onbeforetoggle=alert(1)%20popover%20id=x>XSS. This vulnerability allows for executing XSS attacks even when protected by CloudFlare WAF. Credit goes to @FaIyaZz007. #BugBounty #bugbountytip #bugbountytips #BugBountyVillage
Original tweet: https://twitter.com/grumpzsux/status/1812198213337874860
Subscribe for the latest news: