A Cloudflare WAF bypass for XSS was found by injecting an image on a website. To perform this bypass, an attacker can use the image injection payload. Cloudflare users should be aware of this vulnerability and take necessary precautions to protect their websites.