The remote web server is affected by a cross-site scripting vulnerability.
The remote host is running ListManager, a web-based commercial mailing list management application from Lyris. The version of ListManager installed on the remote host fails to sanitize user input to the 'words' parameter of the 'read/search/results' script before including it in dynamic HTML output. An attacker may be able to leverage this issue to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected site.
Upgrade to ListManager greater than 9.3d