Reflected Cross-Site Scripting (XSS) Vulnerabilities on Scriptcase apps

I scanned the scriptcase app with Qualys Scan (Vulnerability scan management) and I see Level 5 security vulnerability:
Reflected Cross-Site Scripting (XSS) Vulnerabilities

How to fix these Vulnerabilities?

take a look to Setting HttpOnly in Cookies - Developers / Programming - Scriptcase

best regards.

Thank you for the reply, yes I already have seen this before . All the options already the same as the Screenshot of that post. and configured the Apache servers as well

Best way is to contact through the chat on the website about this, because I have no clue that any SC dev or representative will pick this post up and process.

Could you share or sent me the detail of one of the those vulnerabilities
many times scans raise false positives to be checked manually

They said it’s a known bug and they hopefully fix it in next versions which does not make sense at all. This is level 5 security issue

Sure, here is one of them: