A new XSS WAF bypass technique has been discovered using multi-char HTML entities. The payload includes the following translations:
fj translates to fj
&nvgt; translates to < + [?]
&nvlt; translates to > + [?]
This technique can be used to bypass various WAFs. For more details, visit the Unicode symbol link: https://t.co/RKNR6gnqL4
For more details, check out the original tweet here: https://twitter.com/therceman/status/1803666353892585642