The remote host is vulnerable to an HTML injection attack.
The remote host is running paBox, a web application written in PHP. This version of paBox is vulnerable to a remote HTML/script injection flaw. An attacker exploiting this flaw would only need to be able to send HTTP requests to the vulnerable application. A successful exploit would result in potential theft of confidential data (configuration data, browser cookies, and more) or browser-side code execution.
Upgrade or patch according to vendor recommendations.