A new XSS bypass for Cloudflare WAF has been discovered by xss0r. The payload used is <details open ontoggle=alert(document.cookie)>. This bypass allows executing a script within the website to steal cookies. Security teams should be aware of this and take necessary actions to mitigate the risk.
For more insights, check out the original tweet here: https://twitter.com/kCXYAks2BMZcpOi/status/1862345534599831942
Subscribe for the latest news: