The remote host is vulnerable to an HTML injection attack.
The remote host appears to be running a vulnerable version of Mantis, a bug tracker web application written in PHP. It is reported that versions lower than 1.1.0 are vulnerable to a persistent HTML injection attack. The root of the flaw is in the way that Mantis handles user-supplied data to the 'view.php' script. An attacker exploiting this flaw would only need the ability to send HTTP requests to the 'view.php' script. Successful exploitation would result in arbitrary code being executed within the browser of other Mantis users.
Upgrade to version 0.19.5, 1.0.0 RC5 or higher.