Can you get pwned with CSS?

I recently started to consider changing the grading criteria on Security Headers which isn't something that happens very often. I wanted to make a change that would result in more sites achieving the highest possible grade of A+ and involved removing the penalty for use of 'unsafe-inline' in the style-src
Related Topics: CSS