Summary
The remote web server contains a PHP script which is vulnerable to a cross site scripting vulnerability.
Description :
The target is running at least one instance of IlohaMail version 0.8.12 or earlier. Such versions do not properly sanitize message headers, leaving users vulnerable to XSS attacks. For example, a remote attacker could inject Javascript code that steals the user's session cookie and thereby gain access to that user's account.
Solution
Upgrade to IlohaMail version 0.8.13 or later.