A WAF bypass for Akamai was discovered that led to 30 XSS vulnerabilities in a large platform. The bypass payload used was '><input type="hidden" oncontentvisibilityautostatechange="confirm(/Bypassed/)" style="content-visibility:auto">'. This bypass exploited the oncontentvisibilityautostatechange attribute to trigger a confirmation dialog, bypassing Akamai's protections. This vulnerability highlights the importance of thorough WAF configurations and protections against XSS attacks. #BugBounty #WAF #XSS