The remote host is missing an update to drupal announced via advisory DSA 1147-1. Ayman Hourieh discovered that Drupal, a dynamic website platform, performs insufficient input sanitising in the user module, which might lead to cross-site scripting.
For the stable distribution (sarge) this problem has been fixed in version 4.5.3-6.1sarge3. For the unstable distribution (sid) this problem has been fixed in version 4.5.8-2. We recommend that you upgrade your drupal package. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201147-1