The tweet describes bypassing a WAF using the payload 'eval', which can be considered a bypass of XSS filtering. WAFs typically block payloads like 'eval' to prevent code execution. However, if the WAF rules are not properly configured, or if the payload uses evasion techniques such as encoding or obfuscation, the 'eval' payload may pass through the WAF unmatched. Organizations need to continuously update and tune their WAF rules to prevent such bypasses.
Check out the original tweet here: https://twitter.com/YanC1eS3c/status/1931328129941086670
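
As an added example (not code from the tweet or from any WAF product), the sketch below shows why a rule applied to the raw value misses encoded forms of 'eval', and how decoding the value to a stable form before matching closes that gap. The rule pattern, the `MAX_ROUNDS` bound, the function names and the sample values are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

# Hypothetical rule: flag a call to eval( in a request parameter value.
EVAL_RULE = re.compile(r"\beval\s*\(", re.IGNORECASE)
JS_ESCAPE = re.compile(r"\\u\{([0-9a-fA-F]{1,6})\}|\\u([0-9a-fA-F]{4})|\\x([0-9a-fA-F]{2})")
MAX_ROUNDS = 5  # assumed bound on nested encodings


def _js_unescape(text):
    """Resolve \\uXXXX, \\u{X...} and \\xXX escapes to their characters."""
    def repl(match):
        code = int(match.group(1) or match.group(2) or match.group(3), 16)
        return chr(code) if code <= 0x10FFFF else match.group(0)
    return JS_ESCAPE.sub(repl, text)


def canonicalize(value):
    """Decode URL, HTML-entity and JS escapes until the value stops changing.

    Returns (decoded_value, converged)."""
    for _ in range(MAX_ROUNDS):
        decoded = _js_unescape(html.unescape(unquote(value)))
        if decoded == value:
            return value, True
        value = decoded
    return value, False


def naive_match(value):
    """Rule applied to the raw value, as a mis-tuned WAF would."""
    return bool(EVAL_RULE.search(value))


def normalized_match(value):
    """Rule applied after canonicalization; fails closed if decoding never settles."""
    decoded, converged = canonicalize(value)
    return not converged or bool(EVAL_RULE.search(decoded))


# Constructed sample parameter values (not taken from the tweet).
SAMPLES = [
    "eval(name)", "%65val(name)", "%2565val(name)",
    "&#101;val(name)", "\\u0065val(name)", "evaluation report",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:24} raw={naive_match(s)} normalized={normalized_match(s)}")
```

A value that is still changing after `MAX_ROUNDS` decoding passes is treated as a match, so deeply nested encodings are blocked rather than passed through undecoded.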