XSS issue: scan result says the scripts are vulnerable but cannot tell where
My UK site (www.rowingcentre.co.uk) is managed by 123-REG hosting company.
Recently the site has been hacked twice. I manually managed to delete the suspicious files for the first hack but the second time I reinstalled the whole site with clean files, then bought this ‘XSS scan’ provided by the host which detect the vulnerable scripts.
Attached image is the scan result but I have no clue what parts are vulnerable.
There are two files and I used WA’s app for both of them to build so hopefully you can tell what is wrong?
At the moment there’s no error and everything is fully functional.
Thank you for your help in advance.