CVE-2026-30977

RenderBlocking has Stored XSS in renderblocking-css with Inline Assets mode

Description

RenderBlocking is a MediaWiki extension that allows interface administrators to specify render-blocking CSS and JavaScript. Prior to 0.1.1, there is Stored XSS in renderblocking-css with Inline Assets mode. $wgRenderBlockingInlineAssets = true and editsitecss user rights are required. This vulnerability is fixed in 0.1.1.

INFO

Published Date :

2026-03-10T17:40:38.098Z

Last Modified :

2026-03-11T14:18:37.430Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2026-30977 vulnerability.

Vendors	Products
Lihaohong6	Renderblocking

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-30977.

URL	Resource
https://github.com/lihaohong6/RenderBlocking/commit/096fc47dad9dca153b02cba3db81f412c87fb2be
https://github.com/lihaohong6/RenderBlocking/releases/tag/v0.1.1
https://github.com/lihaohong6/RenderBlocking/security/advisories/GHSA-4h5r-8rjm-496r

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability