Gui-Ying233

**Name of the Vulnerable Software and Affected Versions** MediaWiki RenderBlocking versions prior to 0.1.1 **Description** The RenderBlocking extension for MediaWiki allows interface administrators to specify render-blocking CSS and JavaScript. Prior to version 0.1.1, a Stored Cross-Site Scripting (XSS) issue exists in the renderblocking-css component when Inline Assets mode is enabled. This requires `$wgRenderBlockingInlineAssets` to be set to true and the user to have editsitecss permissions. **Recommendations** Update to RenderBlocking version 0.1.1 or later.