Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12. Upstream patch: https://github.com/zopefoundation/Zope/commit/2abdf14620f146857dc8e3ffd2b6a754884c331d References: http://www.openwall.com/lists/oss-security/2015/03/02/7 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5145