An XSS bypass trick has been discovered by @garethheyes. The payload used is <script> var div="<!–<script>" </script><div>/-alert(1) </script>. This bypass affects multiple WAFs and showcases a creative method to evade security controls. For more technical details, visit the original tweet by @garethheyes.
For more insights, check out the original tweet here: https://twitter.com/XssPayloads/status/1813785270602629280