The remote host is missing an update to kronolith2 announced via advisory DSA 1560-1.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201560-1

The-0utl4w discovered that the Kronolith, calendar component for the Horde Framework, didn't properly sanitise URL input, leading to a cross-site scripting vulnerability in the add event screen. For the stable distribution (etch), this problem has been fixed in version 2.1.4-1etch1. The unstable distribution (sid) will be fixed soon. We recommend that you upgrade your kronolith2 package.