EPSS
Percentile
47.5%
An attacker can inject arbitrary script via the vulnerable query string parameter val of the whois.php file.