用X scan 扫出来网站的phpWebLog Cross Site Scripting 漏洞 怎么关闭

警告 www (80/tcp) phpWebLog Cross Site Scripting

The remote host is running phpWebLog, a news and content management
system written in PHP.

Due to improper filtering done by search.php a remote attacker
can cause the phpWebLog product to include arbitrary HTML and/or
JavaScript.

An attacker may use this bug to perform a cross site scripting attack
using the remote host.

Solution : Disable this script.
Risk factor: Medium
CVE_ID : CAN-2005-0698
BUGTRAQ_ID : 12747
NESSUS_ID : 17343

Solution : Disable this script.
这一行说的很清楚了，解决方案就是禁止此脚本。
但是根据search.php来看，这貌似是个搜索页，如果禁用的话对功能有影响。所以如果你编码能力不错的话就在页面中添加一些代码，过滤掉<、/之类的跨站利用字符。

任务占坑