A new XSS bypass payload has been discovered for various WAFs. The payload is '<a%20href=%0dj	avascript:x='trela'.split('').reverse().join('');self[x](origin)>'. This payload can evade different WAFs and execute malicious JavaScript code. Researchers recommend WAF vendors to update their security rules to prevent such bypasses.
For more insights, check out the original tweet here: https://twitter.com/technical_br01/status/1846529033032618194