XSS in Lihaohong6 Renderblocking

CVE-2026-30977

RenderBlocking is a MediaWiki extension that allows interface administrators to specify render-blocking CSS and JavaScript. Prior to 0.1.1, there is Stored XSS in renderblocking-css with Inline Assets mode. $wgRenderBlockingInlineAssets =…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.001 (19.2th percentile) — read the EPSS interpretation.

Affected products

Lihaohong6 Renderblocking — versions < 0.1.1

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

https://github.com/lihaohong6/RenderBlocking/security/advisories/GHSA-4h5r-8rjm-496r (x_refsource_CONFIRM)
https://github.com/lihaohong6/RenderBlocking/commit/096fc47dad9dca153b02cba3db81f412c87fb2be (x_refsource_MISC)
https://github.com/lihaohong6/RenderBlocking/releases/tag/v0.1.1 (x_refsource_MISC)