
A CSS injection vulnerability has been discovered on GitHub that lets users customize their profiles in unintended ways. The vulnerability, which involves MathJax, was initially found by @cloud11665 and later confirmed by other security researchers. It lets users inject CSS into their profiles, which enables creative customizations but also creates potential security risks. For instance, researchers have shown that it can be used to create README files that log users out of their profiles or even capture their IP addresses. GitHub is now facing scrutiny as the platform has become a playground for such exploits.
Today, following the CSS injection discovered by @cloud11665, security researcher @vmfunc discovered you can also create ReadMe files which force log people out of their GitHub profiles. Oh, and you can make IP grabbers! GitHub has now become the wild west https://t.co/2SQCRV0nal
Today @cloud11665 discovered a CSS injection vulnerability (or super cool customization feature) on GitHub.
* Reposted for issue correction
* Initially attributed discovery to wrong person
Video shared from @yacineMTB https://t.co/B1ctuRh1MN
just updated my github profile page. what do you guys think? https://t.co/v1w1zdHBEo
