The tweet mentions a Stored XSS vulnerability affecting Microsoft Bing. The tweet indicates that there was no WAF (Web Application Firewall) in place to prevent the Stored XSS attack. No specific bypass payload, encoding, or filtering was mentioned in the tweet. This vulnerability could potentially allow an attacker to inject malicious scripts into the website, leading to attacks on users visiting the affected page. Bug bounty hunters may have reported this vulnerability to Microsoft for remediation.
No WAF
No Bypass
No Encoding
and No Filtering…= Stored XSS ??#Microsoft #Bing #Bugbounty pic.twitter.com/dKj13qnL8O
— My Space! (@Supakiad_Mee) August 3, 2024