Scan Not Working Properly

I scanned my site in order to pass PCI and came up with some of them are :

  1. “CGI Generic Cross-Site Request Forgery Detection (potential)”
    According to this document
    Qualys Discussions (QID 90780 FAQ: Microsoft ASP.NET ValidateRequest Filters Bypass Cross-Site Scripting Vulnerability)
    ASP.NET versions 1 and 2 are both vulnerable. my version is 4.0 as you can see my HTTPHeaders

    X-AspNetMvc-Version: 3.0
    Cache-Control: private
    Content-Type: text/html; charset=utf-8
    Set-Cookie: 51D=; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/,ASP.NET_SessionId=*; path=/; HttpOnly
    Server: Microsoft-IIS/7.0
    X-AspNet-Version: 4.0.30319
    X-Powered-By: ASP.NET
    Date: Thu, 09 May 2013 10:50:45 GMT
    Content-Length: 15514

Any idea about that??