The remote host is running the 'Snif' CGI suite. There is a vulnerability in it which may allow an attacker to insert a malicious HTML and/or Javascript snipet in the response returned to a third party user (this problem is known as a cross site scripting bug).

None at this time - disable this CGI suite