I am not about now but there were a few. Google css xss.
There was/is(?) the background-image on visited links "hack". Put simply, you could specify a background-image on a link to, let's say, facebook.com and you would know if the user has visited facebook because they would have loaded the image.
I'm pretty sure today's browsers don't let you specify background images on visited links because of this.