CVE-2026-30977
The CVE covers the MediaWiki extension RenderBlocking. Before version 0.1.1, a Stored XSS flaw existed in renderblocking-css when Inline Assets mode was used. Exploitation requires wgRenderBlockingInlineAssets = true and editsitecss user rights. The issue is fixed in 0.1.1. Affected component: re...