Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
2.0
MediaWiki Extension Allows Malicious Code to be Injected via Stored XSS
CVE-2026-30977
Summary
A security issue in the RenderBlocking extension for MediaWiki allows an attacker to inject malicious code into websites. This can happen if the website uses the extension and has certain settings enabled. To fix this, update the extension to version 0.1.1 or later.
Original title
RenderBlocking is a MediaWiki extension that allows interface administrators to specify render-blocking CSS and JavaScript. Prior to 0.1.1, there is Stored XSS in renderblocking-css with Inline Ass...
Original description
RenderBlocking is a MediaWiki extension that allows interface administrators to specify render-blocking CSS and JavaScript. Prior to 0.1.1, there is Stored XSS in renderblocking-css with Inline Assets mode. $wgRenderBlockingInlineAssets = true and editsitecss user rights are required. This vulnerability is fixed in 0.1.1.
nvd CVSS4.0
2.0
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026