The tweet mentions a WAF bypass based on XSS. The specific payload used is 'based'. The vendor of the WAF is unknown. Refer to the previous tweet for payloads.
For more details, check out the original tweet here: https://twitter.com/syper_shuvo/status/1883388822505083162