Please tell me how to remediate web vulnerability scan findings

I'm trying to get our site connected to the university's domain name server, and they say they checked it with the Acunetix vulnerability scanner. But it came back with 1 High and 6 Medium findings, so they say they can't connect it... If anyone has passed a web vulnerability check at an institution or school, please explain what you did.


Cross site scripting: 1
Severity: High
Reported by module: Scripting (XSS.script)


Description
Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates.


Impact
Malicious JavaScript has access to all the same objects as the rest of the web page, including access to cookies and local storage, which are often used to store session tokens. If an attacker can obtain a user's session cookie, they can then impersonate that user.
Furthermore, JavaScript can read and make arbitrary modifications to the contents of a page being displayed to a user. Therefore, XSS in conjunction with some clever social engineering opens up a lot of possibilities for an attacker.


Recommendation
Apply context-dependent encoding and/or validation to user input rendered on a page


References
Cross-site Scripting (XSS) Attack - Acunetix: https://www.acunetix.com/websitesecurity/cross-site-scripting/
Types of XSS - Acunetix: https://www.acunetix.com/websitesecurity/xss/
Cross-site Scripting - OWASP: http://www.owasp.org/index.php/Cross_Site_Scripting
XSS Filter Evasion Cheat Sheet: https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
Excess XSS, a comprehensive tutorial on cross-site scripting: https://excess-xss.com/
Cross site scripting: http://en.wikipedia.org/wiki/Cross-site_scripting
Affected items

/bbs/board.php

Details
URL encoded GET input sca was set to 1'"()&%<acx><ScRiPt >WcfL(9336)</ScRiPt>

Request headers
GET /bbs/board.php?ajax_ck=1&bo_table=notice&page=2&sca=1'"()%26%25<acx><ScRiPt%20>WcfL(9336)</ScRiPt> HTTP/1.1
Referer: http://altobnc.com
Cookie: PHPSESSID=31063qv02pdko2jufl3e7vpbm7; 2a0d2363701f23f8a75028924a3af643=MTY4LjExNS43Ny45MA%3D%3D; e1192aefb64683cc97abb83c71057733=cHJvZmVzc29y; ck_font_resize_rmv_class=; ck_font_resize_add_class=
Host: altobnc.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Acunetix-Product: WVS/11.0 (Acunetix - WVSE)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*

HTML form without CSRF protection: 4 total
/bbs/login.php: 1
/bbs/new.php: 1
/bbs/password_lost.php: 1
/bbs/register.php: 1

User credentials are sent in clear text: 2 total
/bbs/login.php: 1
/bbs/register_form.php: 1
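As an added example, not code from the original post and not the board software's own code, here is one way to address each of the three findings in PHP, the language of the affected /bbs/*.php pages. The function names (`validate_sca`, `html_enc`, `csrf_check`, `require_https`, and so on), the category allowlist and the demo input are hypothetical or constructed; the real pages would need these calls wired in where `sca` is rendered, where the four forms are emitted and processed, and at the top of the login and registration pages.

```php
<?php
// Added example, not the board's own code: remediation patterns for the three
// Acunetix findings. Function names, the category list and the demo input are
// hypothetical/constructed; wire them into the real /bbs/*.php pages.
declare(strict_types=1);

/* Finding 1: reflected XSS via the `sca` GET parameter in /bbs/board.php */

// Validate first: `sca` is a category filter, so accept only known values.
// (This list is constructed for the example.)
const ALLOWED_SCA = ['notice', 'general', 'event'];

function validate_sca(?string $sca): string
{
    return ($sca !== null && in_array($sca, ALLOWED_SCA, true)) ? $sca : '';
}

// Encode for HTML body / double-quoted attribute context. ENT_QUOTES matters:
// the scanner payload carries both ' and ", and ENT_COMPAT leaves ' alone.
function html_enc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Vulnerable rendering (what the scanner exercised): raw reflection.
function render_link_vulnerable(string $sca): string
{
    return '<a href="board.php?bo_table=notice&sca=' . $sca . '">' . $sca . '</a>';
}

// Hardened rendering: validated value, then encoded for each context it lands
// in (URL query -> rawurlencode, then HTML attribute -> html_enc; text -> html_enc).
function render_link_safe(string $sca): string
{
    $sca = validate_sca($sca);
    return '<a href="board.php?bo_table=notice&amp;sca=' . html_enc(rawurlencode($sca)) . '">'
         . html_enc($sca) . '</a>';
}

/* Finding 2: HTML forms without CSRF protection (login, new, password_lost, register) */

// One random token per session, emitted as a hidden field in every form that
// changes state, and checked on every POST before the handler does anything.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function csrf_field(array &$session): string
{
    return '<input type="hidden" name="csrf_token" value="' . html_enc(csrf_token($session)) . '">';
}

// Constant-time comparison; a session with no token is a failure, not a pass.
function csrf_check(array $session, array $post): bool
{
    if (empty($session['csrf_token']) || !is_string($post['csrf_token'] ?? null)) {
        return false;
    }
    return hash_equals($session['csrf_token'], $post['csrf_token']);
}

/* Finding 3: credentials sent in clear text (login.php, register_form.php) */

// No code change removes this finding on its own: the pages must be served
// over HTTPS. These helpers add the server-side redirect and cookie flags that
// stop PHPSESSID and the posted password from ever crossing plain HTTP.
function require_https(array $server): ?string
{
    if (!empty($server['HTTPS']) && $server['HTTPS'] !== 'off') {
        return null; // already HTTPS, nothing to do
    }
    return 'https://' . $server['HTTP_HOST'] . $server['REQUEST_URI']; // caller issues a 301
}

// Pass to session_set_cookie_params() before session_start().
function secure_session_cookie_params(): array
{
    return ['secure' => true, 'httponly' => true, 'samesite' => 'Lax', 'path' => '/'];
}

/* Demo with constructed input: run as `php this_file.php` */
if (PHP_SAPI === 'cli') {
    $payload = '1\'"()&%<acx><ScRiPt >WcfL(9336)</ScRiPt>'; // the scanner's payload
    echo "vulnerable: ", render_link_vulnerable($payload), "\n";
    echo "hardened:   ", render_link_safe($payload), "\n";
    echo "valid:      ", render_link_safe('notice'), "\n";

    $session = [];
    echo csrf_field($session), "\n";
    var_dump(csrf_check($session, ['csrf_token' => $session['csrf_token']]));
    var_dump(csrf_check($session, ['csrf_token' => str_repeat('0', 64)]));
    var_dump(csrf_check([], ['csrf_token' => 'anything']));

    echo require_https(['HTTPS' => '', 'HTTP_HOST' => 'example.test',
                        'REQUEST_URI' => '/bbs/login.php']), "\n";
}
```

Two points worth checking after applying changes like these. For the XSS finding, re-run the scanner against `board.php` with the same `sca` payload and confirm the response no longer contains an unencoded `<ScRiPt`; encoding alone (without the allowlist) is enough to clear the finding, but the allowlist stops the parameter from reaching the database layer too. For the clear-text credentials finding, the scanner will keep reporting it until the form's `action` URL and the page serving it are both `https://`; adding a redirect from HTTP to HTTPS and a Secure flag on the session cookie closes the remaining plain-HTTP path.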

5 answers

SIRSOFT Co., Ltd. / CEO: 홍석명 / (06211) Hanshin Intervalley 24, West Tower #1404, 707-34 Yeoksam-dong, Gangnam-gu, Seoul / E-Mail: admin@sir.kr
Business registration no.: 217-81-36347 / Mail-order business report no.: 2014-Seoul Gangnam-02098 / Privacy officer: 김민섭 (minsup@sir.kr)
© SIRSOFT