My site running XOOPS 2.0.17 is attacked by above Injected Malicious Scripts, does XOOPS have some thing in security for that?
What should I do now?

First of all, update it to the latest version. Second use Protector (included in archive of news releases).

Do also all countermeasures for hacked sites:
- close your site. If Google detects malicious scripts, your site will be marked as malicious and no FireFox user will dare to visit you after the flashy red warning screen.
- Delete all your files and directories on the server and replace them from a known good backup.
- Clean your Home PC (or whatever PC you use to manage your site) from viruses, malware etc . Use several tools to have a complete sweep.
- Change all your passwords on all levels (FTP, site admin , MySQL database, XOOPS admin, etc)
- Verify there were no additional users created for any administration level (FTP, site admin , MySQL database, XOOPS admin, etc).
- compare the backup of your database with the last known good one and delete suspicious records.
- Find in the log files for info, how your system was infected and block the inroad.