CVE-2026-30977

UNKNOWN 0.0

RenderBlocking has Stored XSS in renderblocking-css with Inline Assets mode

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

RenderBlocking is a MediaWiki extension that allows interface administrators to specify render-blocking CSS and JavaScript. Prior to 0.1.1, there is Stored XSS in renderblocking-css with Inline Assets mode. $wgRenderBlockingInlineAssets = true and editsitecss user rights are required. This vulnerability is fixed in 0.1.1.

CWE	CWE-79
Vendor	lihaohong6
Product	renderblocking
Published	Mar 10, 2026
Last Updated	Mar 11, 2026

Stay Ahead of the Next One

Get instant alerts for lihaohong6 renderblocking

Be the first to know when new unknown vulnerabilities affecting lihaohong6 renderblocking are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

lihaohong6 / RenderBlocking

< 0.1.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/lihaohong6/RenderBlocking/security/advisories/GHSA-4h5r-8rjm-496r github.com: https://github.com/lihaohong6/RenderBlocking/commit/096fc47dad9dca153b02cba3db81f412c87fb2be github.com: https://github.com/lihaohong6/RenderBlocking/releases/tag/v0.1.1