The GitHub CSS vulnerability saga
A few days ago, @cloud11665 tweeted about a vulnerability on GitHub that allowed users to inject custom CSS (among other things). Lo and behold, users everywhere started customizing their home pages à la MySpace. For a brief moment in time, we had the ’90s back.
The GitHub CSS vuln reminded me what social media sites took from us.
Back in the era of geocities where personal sites & blogs ruled, when gifs were peak cool & nothing was hidden away behind a login screen.
The Internet is so sterile now. pic.twitter.com/s0zB4vw1c1
— Panley (@panley01) June 8, 2024
CSS Injection using mathjax on GitHub READMEs for profiles
Code: https://t.co/clvSdGxqPZ pic.twitter.com/3Rn6QuF2qO
— bee (@bee_sec_san) June 7, 2024
GitHub patched one method but un-patched another..
There's a new way to inject CSS into your profile 😬 pic.twitter.com/LzZ7Nq1SnP
— grim (@fuckgrimlabs) June 8, 2024