CVE-2026-30977

N/A Unknown
Published: March 10, 2026 Modified: March 11, 2026
View on NVD

Description

RenderBlocking is a MediaWiki extension that allows interface administrators to specify render-blocking CSS and JavaScript. Prior to 0.1.1, there is Stored XSS in renderblocking-css with Inline Assets mode. $wgRenderBlockingInlineAssets = true and editsitecss user rights are required. This vulnerability is fixed in 0.1.1.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/lihaohong6/RenderBlocking/commit/096fc47dad9dca153b02cba3db81f412c87fb2be
Source: security-advisories@github.com
https://github.com/lihaohong6/RenderBlocking/releases/tag/v0.1.1
Source: security-advisories@github.com
https://github.com/lihaohong6/RenderBlocking/security/advisories/GHSA-4h5r-8rjm-496r
Source: security-advisories@github.com

3 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.1%
17th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-79

Related CVEs

CVE-2026-4529 8.8
CVE-2026-3629 8.1
CVE-2026-4528 7.3
CVE-2026-2756 5.0
CVE-2019-25582 6.5