This is a reflected XSS vulnerability. It is non-persistent, and some browsers protect against this type of attack, but the vulnerable response can return full HTML.
Information for security researchers
CVE Identifier: CVE-2012-5490
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Overall CVSS Score: 3.4
Credit: Richard Mitchell (Plone security team)