A vulnerability bounty program with XSS issues and Cloudflare WAF was tested with the payload <script>alert('XSS bypass')</script>, but it is no longer effective. Here is a new XSS payload that can be used for bypassing Cloudflare WAF: <script>alert('New XSS bypass')</script>. For more details on this bypass, check out our blogpost for a comprehensive analysis.
For more insights, check out the original tweet here: https://twitter.com/w8ay1/status/1836450915072856454. And don’t forget to follow @w8ay1 for more exciting updates in the world of cybersecurity.