This is because you are displaying form values on the page directly like this:
<?php echo((isset($_POST["Full_Name"]))?$_POST["Full_Name"]:"") ?>
Users could put some code other than their Full_Name when they fill out the form and then the code would run on the page. You may actually be preventing this with server side validation, but there is no way for your testing software to know that.
You can fix these errors by using:
<?php echo((isset($_POST["Full_Name"]))?htmlspecialchars($_POST["Full_Name"]):"") ?>
the htmlspecialchars() function would encode anything that would allow cross site scripting.
The bad news is that this isn't how someone uploaded malicious files and hacked you. XSS allows users to get sensitive data from your customers like cookies but it isn't the type of vulnerably that opens the door to a full hack. This is worth correcting on the pages, but won't solve your larger issue.