EPSS
Percentile
37.3%
modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload.
blog.deteact.com/bitrix-waf-bypass/