Silent Breach Discloses 0-Days on Cloudflare Website

Silent Breach Labs

Following the release of a successful patch, Silent Breach can now disclose that we've identified a Cross Site Scripting (XSS) vulnerability on Cloudflare's network that allowed Silent Breach researchers to bypass Cloudflare's Web Application Firewall (WAF)
Upon discovering the issue, Silent Breach Labs immediately reached out to Cloudflare, and worked together to ensure that the issue was successfully mitigated and that users remained protected in the meantime.

The XSS WAF Bypass vulnerability was reported to Cloudflare on September 25, 2020 and was successfully closed on or before October 13, 2020.

For more information or for guidance on how this issue may affect your organization, please contact Silent Breach at: or at

Silent Breach's research team uncovers new 0-days in popular systems on a regular basis and works closely with the affected parties to ensure that the vulnerabilities are properly and securely disclosed, monitored and patched.

As a standard practice, Silent Breach does not confirm, discuss or disclose any security issues or vulnerabilities until a fix has been released on all affected systems or until express permission has been provided by the relevant parties.

About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.