A new Cloudflare WAF bypass for XSS has been discovered by xss0r. The bypass payload is <details open ontoggle=alert(document.cookie)>. This bypass allows executing JavaScript code on the vulnerable site. For more technical details and how to protect against this bypass, read the blogpost by xss0r.
For more details, check out the original tweet here: https://twitter.com/kCXYAks2BMZcpOi/status/1862066762730389706