During my Penetration Testing assessment, I was able to exploit an XSS issue thanks to bypassing WAF rules implemented with CloudFront.