A new XSS vulnerability has been discovered in Cloudflare's WAF. The bypass payload <Img Src=OnXSS OnError=confirm('OPENBUGBOUNTY')> triggers a confirm popup with the message 'OPENBUGBOUNTY'. Security researchers should be cautious and Cloudflare users are advised to update their WAF rules accordingly to protect against this bypass.
Original tweet: https://twitter.com/GREENSL31146133/status/1819684460243079168
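Because a payload like the one above can get past a WAF rule, the application should not rely on the WAF alone. The following added example (not code from the tweet and not Cloudflare's rule logic) shows output encoding rendering the quoted payload inert, plus a case-insensitive check for inline event-handler attributes usable for log triage. The names escapeHtml, renderComment and findEventHandlerAttrs are hypothetical.

```javascript
// Added example: application-side defences that do not depend on the WAF.
// PAYLOAD is the string quoted on this page; all other inputs are constructed.
const PAYLOAD = "<Img Src=OnXSS OnError=confirm('OPENBUGBOUNTY')>";

// Encode untrusted text for an HTML element body or a quoted attribute value.
function escapeHtml(untrusted) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(untrusted).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hypothetical template helper: untrusted input is always encoded on output.
function renderComment(untrusted) {
  return "<p class=\"comment\">" + escapeHtml(untrusted) + "</p>";
}

// Triage helper: return the inline event-handler attribute names (on*) that
// appear inside HTML tags, ignoring letter case. This is a heuristic for
// reviewing logs or stored content, not a substitute for output encoding.
function findEventHandlerAttrs(input) {
  const found = [];
  const tagRe = /<[a-z][^>]*>/gi;            // any opening tag, any case
  const attrRe = /[\s\/"']on[a-z]+\s*=/gi;   // attribute name starting with "on"
  for (const tag of String(input).match(tagRe) || []) {
    for (const attr of tag.match(attrRe) || []) {
      found.push(attr.slice(1).replace(/\s*=$/, "").toLowerCase());
    }
  }
  return found;
}

// The raw payload carries an event handler; the encoded output does not.
console.log(findEventHandlerAttrs(PAYLOAD));
console.log(renderComment(PAYLOAD));
console.log(findEventHandlerAttrs(renderComment(PAYLOAD)));
```

The check flags the mixed-case OnError attribute in the raw string, while the rendered output contains only encoded text, so the browser never parses an img element from it.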