The remote host is missing an update to squirrelmail announced via advisory DSA 1682-1.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201682-1

Ivan Markovic discovered that SquirrelMail, a webmail application, did not sufficiently sanitise incoming HTML email, allowing an attacker to perform cross site scripting through sending a malicious HTML email. For the stable distribution (etch), this problem has been fixed in version 1.4.9a-3. For the unstable distribution (sid), this problem has been fixed in version 1.4.15-4. We recommend that you upgrade your squirrelmail package.