Need a Drupal expert for fixing some issue

1 High No client or server-side input validation has been implemented. This test successfully embedded a scripting the response, which will be executed once the page is loaded in the user's browser. Thus Cross-Site scripting attack is possible in the application. Open Run Time Error Patch throughout the application 2 High I-Frame injection attack is possible in the application. Open Run Time Error Patch throughout the application 3 High Denial of Service (DOS) attack is possible in the application. Open Open - 4 High The password between the server and client is passed in cleartext. It is possible for a malicious user to sniff into the network and access the application and password. Open Open - 5 High Malicious File Upload is possible in this Application. Open Page Not Working Patch throughout the application 6 High Upload module in the Public page. Open Page Not Working - 7 High Session Hijacking is possible in this Application. Open Open - 8 Medium It is possible to access authenticated pages through the back button of the browser. The back button is enabled in the application. Open Open Patch throughout the application 9 Medium Old Version of PHP, DRUPAL, jQuery and MySQL is used in the application. Open Open - 10 Medium Banner Grabbing is an enumeration technique used to glean information about the computer systems on a network, server information and the services running its open ports. Open Closed - 11 Medium The old version of Bootstrap is used in the application. Open Open - 12 Medium The application does not maintain audit trail properly where all user activities have to be logged. In-case a malicious user tries to attack the application; the application will not be able to trace the attacker. Open Open - 13 Medium It is possible to view the authenticated page from the cache option of the browser. Open Run Time Error Patch throughout the application 14 Low User Enumeration is possible in the application. Open Closed 15 Low Email-Spamming is possible in the application. Open Open Patch throughout the application 16 Low Password Complexity is not implemented properly in the application. Open Page Not Working - 17 Low Password History is not maintained in the application. Open Page Not Working - 18 Low Application has the provision to remember all user names those have logged in or try to log in. Auto-fill is not disabled on login. Other fields can also display information, which can be misused by a malicious user. Open Open - 19 Low HTTP Method (OPTIONS) are enabled in the application. Open Open Patch throughout the application