CVE-2026-30977

RenderBlocking is a MediaWiki extension that allows interface administrators to specify render-blocking CSS and JavaScript. Prior to 0.1.1, there is Stored XSS in renderblocking-css with Inline Assets mode. $wgRenderBlockingInlineAssets = true and editsitecss user rights are required. This...

CVE-2026-30977 RenderBlocking has Stored XSS in renderblocking-css with Inline Assets mode

RenderBlocking is a MediaWiki extension that allows interface administrators to specify render-blocking CSS and JavaScript. Prior to 0.1.1, there is Stored XSS in renderblocking-css with Inline Assets mode. $wgRenderBlockingInlineAssets = true and editsitecss user rights are required. This...

CVE-2026-30977

The CVE covers the MediaWiki extension RenderBlocking. Before version 0.1.1, a Stored XSS flaw existed in renderblocking-css when Inline Assets mode was used. Exploitation requires wgRenderBlockingInlineAssets = true and editsitecss user rights. The issue is fixed in 0.1.1. Affected component: re...

RenderBlocking 跨站脚本漏洞

RenderBlocking is a media wiki extension developed by Peter Li, designed to prevent page style changes from occurring intermittently. Versions of RenderBlocking prior to 0.1.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the renderblocking-css in the Inline Asse...