$_GET['tab'] is not escaped.
So if user has at least one not dismissed notice, we have reflected XSS.
Similar bug exists inside hints.
Proof of Concept:
- 26-10-2015: Discovered
- 26-10-2015: Vendor notified
- 29-10-2015: Version 22.214.171.124 released, issue resolved