This is an XSS bypass for Imperva WAF. The payload used is '><input type=hidden oncontentvisibilityautostatechange=alert(1) style=content-visibility:auto>'. Details of the bypass: The payload exploits the oncontentvisibilityautostatechange attribute to trigger an alert(1) function, allowing an attacker to execute arbitrary JavaScript code. For more technical details, visit the blog post.
Check out the original tweet here: https://twitter.com/Nicatabb/status/1909959990778962096