Cross-site scripting vulnerability issue

Mar 11, 2014

Good day everyone,

Forgive my ignorance if I am getting this wrong. This is my first foray into this forum.

I built a piece of courseware, using Storyline, for my organisation and the courseware included some step-by-step interactive guides. Recently, my IT systems folk ran a vulnerability scan on all systems and came across one which they traced back to my courseware. As a result they have taken down my content until I can rectify it. Here is the cross-site scripting vulnerability information that they forwarded to me:

· Line 194:Unsafe client output calling location.replace() with tainted arg
· Line 194:String concatenation with user-controlled value
· Line 186:Initialization of "strQuery" from user-controlled value
· Line 186:String concatenation with user-controlled value
· Line 186:Result of taint-preserving function call on user-controlled value
· Line 186:"document.location.search.substr" is controlled by the user

Would appreciate it if anyone could please explain this to me or point me to how I can understand and resolve this. I would be happy to share the content if it will expedite the identification and resolution of the problem.

They also sent me a reference to the cross-site scripting vulnerability issue (http://www.webappsec.org/projects/articles/071105.shtml) but unfortunately, that is flying a little over my head.

This is quite pressing, so any help on this would be most appreciated. Many thanks!

Kenneth
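
The scanner trace above describes a data flow: the page's query string is read at line 186 into "strQuery", concatenated into a URL, and passed to location.replace() at line 194. The following is an added example, not part of the original post and not Storyline's actual code; it reconstructs that flow next to a hardened form. The file name "story.html", the parameter names "slide" and "lang", and the sample location object are assumptions made for illustration.

```javascript
// Flagged pattern (hypothetical reconstruction of the scanner trace):
// the raw query string flows unchanged into the redirect target.
function buildRedirectUnsafe(loc) {
  var strQuery = loc.search.substr(1);   // user-controlled source (trace: line 186)
  return "story.html?" + strQuery;       // tainted concatenation (trace: line 194)
}

// Hardened form: forward only parameters the page expects, and only when
// their values match a strict pattern. Names and patterns are assumptions.
var ALLOWED_PARAMS = { slide: /^[0-9]{1,4}$/, lang: /^[a-z]{2}$/ };

function buildRedirectSafe(loc) {
  var incoming = new URLSearchParams(loc.search);
  var outgoing = new URLSearchParams();
  Object.keys(ALLOWED_PARAMS).forEach(function (name) {
    var value = incoming.get(name);
    if (value !== null && ALLOWED_PARAMS[name].test(value)) {
      outgoing.set(name, value);         // re-encoded by URLSearchParams
    }
  });
  // Resolve the fixed target against the current page, then attach the
  // validated query string.
  var target = new URL("story.html", loc.origin + loc.pathname);
  target.search = outgoing.toString();
  // Defence in depth: never navigate off-origin or to a non-http(s) scheme.
  if (target.origin !== loc.origin || !/^https?:$/.test(target.protocol)) {
    throw new Error("refusing cross-origin or non-http redirect");
  }
  return target.href;
}

// Constructed sample standing in for window.location (not from the post).
var sampleLocation = {
  origin: "https://lms.example",
  pathname: "/course/launch.html",
  search: "?slide=3&lang=en&extra=%3Cb%3Eunexpected%3C%2Fb%3E"
};

// In the browser the call site would be:
//   window.location.replace(buildRedirectSafe(window.location));
console.log(buildRedirectUnsafe(sampleLocation));
console.log(buildRedirectSafe(sampleLocation));
```

Because the value handed to location.replace() is rebuilt from validated parts rather than copied from the query string, the taint path the scanner reported no longer exists in the hardened function.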
