This conference talk from RSA Conference explores how a simple WAF bypass challenge uncovered a vulnerability affecting thousands of organizations through a regulation-required accessibility plugin. Join Eilon Cohen, Security Analyst, and Ori Ron, Senior Security Researcher from Checkmarx as they examine how this accessibility plugin, mandated by regulations, became a widespread XSS vulnerability vector. Discover the real-world implications for sensitive sectors, dive into the plugin's source code and behavior analysis, and learn practical methods for identifying similar vulnerabilities and detecting potential malicious exploitation. The 36-minute presentation provides valuable insights for security professionals looking to understand the unintended consequences of regulatory requirements on cybersecurity.