We have latest version of joomla 1.5.23 and virtuemart 1.1.9 but a PCI company says that there is a cross-scripting issue happening at checkout. According to virtuemart this issue was fixed many versions ago.
As soon as they provide details I will post more information but if you are a cross-scripting expert fixer, please bid now.
thank you