Most Dreamweaver recordsets include an "or die(mysql_error())" statement, for example:
$WADAproducts = mysql_query($query_limit_WADAproducts, $test) or die(mysql_error());
remove the "or die(mysql_error())" statemtne frpom the recordsets to resolve the database disclosure errors.
For the cross site scripting errors, edit the form action code for the add to cart buttons:
action="<?php echo $_SERVER["PHP_SELF"]; ?><?php echo (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] != "")?"?".$_SERVER["QUERY_STRING"]:""; ?>"
to:
action="<?php echo $_SERVER["PHP_SELF"]; ?><?php echo (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] != "")?"?".str_replace("<","<",str_replace(">",">",str_replace('"',""",$_SERVER["QUERY_STRING"]))):""; ?>"
if you continue to have issues, please post back the report from McAffee and a copy of the page.