A new Cloudflare WAF bypass for XSS has been discovered by xss0r. The payload used is <details open ontoggle=alert(document.cookie)>. This bypass affects Cloudflare WAF in 2024. To mitigate this issue, Cloudflare users should ensure their security configurations are up to date.
Original tweet: https://twitter.com/testtriage21277/status/1862760330180665547