This tweet mentions an XSS WAF bypass with the payload <script>alert(1)</script>. The WAF vendor is Universal. This bypass can be used for Bug Bounty programs. The blog post about this bypass should cover the technical details of how the payload works and how it evades the WAF protection.
Check out the original tweet here: https://twitter.com/z0_enix/status/1839869569449492504
Subscribe for the latest news: