Sucuri gives site with malcode, but what?

See: http://sitecheck.sucuri.net/results/aceitunabrava.com/
Web application version:
Joomla Version 2.5.19 found at: http://aceitunabrava.com//administrator/manifests/files/joomla.xml
Joomla version outdated: Upgrade required.
Outdated Joomla Found: Joomla under 2.5.26 or 3.3.5
Nothing here: http://zulu.zscaler.com/submission/show/65c2bf55ba2821cd01c0ddc720133a00-1417137562
and http://www.isithacked.com/check/aceitunabrava.com

Delegation errors: http://dnscheck.iis.se/?time=1417137782&id=4396211&view=basic&test=standard
PHP vuln.: http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-149816/PHP-PHP-5.3.27.html
DOMXSS: Results from scanning URL: htxp://aceitunabrava.com/index.php
Number of sources found: 2 ( onchange="window.location.href=this.value)
Number of sinks found: 41
Scroll PDF exporter exploitable k2Scroller vulnerable
var jax_live_site error

polonus