Identifying specific XSS vulnerability

Hello

How can I identify which plugin/Theme or even file has XSS - cross site scripting vulnerability.
Some plugin or Site lock just says has vulnerability but with out knowing specifically its becoming hard to fix issues.

Please help and try to be specific as well as detailed .. please..

Regards
Plaban