When Cloudflare WAF allows execution of JavaScript, it can be bypassed 100% using XSS. This bypass can potentially lead to serious security vulnerabilities in the protected application. Additional details and mitigation strategies should be implemented to prevent such bypasses.
Original tweet: https://twitter.com/0xb0hl00l/status/1815972030035931368