Summary
The remote host is missing an update to imp4 announced via advisory DSA 2204-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202204-1
Insight
Moritz Naumann discovered that imp4, a webmail component for the Horde framework, is prone to cross-site scripting attacks due to a lack of input sanitising of certain fetchmail information.
For the oldstable distribution (lenny), this problem has been fixed in version 4.2-4lenny3.
For the stable distribution (squeeze), this problem has been fixed in version 4.3.7+debian0-2.1, which was already included in the squeeze release.
For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 4.3.7+debian0-2.1.
We recommend that you upgrade your imp4 packages.
Severity
Classification
CVE: CVE-2010-3695
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N