A XSS double encoding payload has been used to bypass an unidentified WAF. The payload was delivered by @KN0X55 after scanning the URL. The tweet suggests that hidden parameters were found to assist in the bypass. Further details are needed to identify the WAF vendor and provide a comprehensive analysis.
Check out the original tweet here: https://twitter.com/Alra3ees/status/1906015715741630553