When attacking poorly written and XSS-prone web applications, an application firewall can obstruct success. To bypass it, an attacker can use a simple XSS payload like <script>alert('Bypassed WAF')</script> to evade detection and execute malicious scripts. This highlights the importance of securing web applications against XSS vulnerabilities and implementing strong WAF rules.
For more details, check out the original tweet here: https://twitter.com/Gregory11Jak/status/1813113863291785470