The remote host is missing an update to mahara announced via advisory DSA 1736-1.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201736-1

It was discovered that mahara, an electronic portfolio, weblog, and resume builder, is prone to cross-site scripting attacks, which allows the injection of arbitrary Java or HTML code. For the stable distribution (lenny), this problem has been fixed in version 1.0.4-4+lenny1. The oldstable distribution (etch) does not contain mahara. For the testing distribution (squeeze) and the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your mahara package.