I would need to see the scan report to tell why that page failed.
normally it happens if you write a URL variable value to the page without scrubbing it using htmlentities. for example:
<php echo(isset($_POST['postval'])?htmlentities($_POST['postval'], ENT_QUOTES):""); ?>