Summary
The remote host is missing an update to horde3 announced via advisory DSA 1470-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201470-1
Insight
Ulf Härnhammar discovered that the HTML filter of the Horde web application framework performed insufficient input sanitising, which may lead to the deletion of emails if a user is tricked into viewing a malformed email inside the Imp client.
This update also provides backported bugfixes to the cross-site scripting filter and the user management API from the latest Horde release 3.1.6.
For the stable distribution (etch), this problem has been fixed in version 3.1.3-4etch2.
The old stable distribution (sarge) is not affected. An update to Etch is recommended, though.
We recommend that you upgrade your horde3 package.
Severity
Classification
CVE: CVE-2007-6018
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N
Related Vulnerabilities