i was using the vbshout on vb.org. i was running into the occasional server errors and cpu message errors and every now and then it would crash my site. i found his new version on vbhackers that is the flatfile system. much better on my host. however i found that it allows html and there is noway to get arround this. how big of a security hole is this? i mean could anyone hack my site easy? or an advanced coder ability? and if i was hacked how much damage can be done? is it a question of disabling my shout box to fix or can it destroy my whole database?

For info on the security vulnerability see: The Cross Site Scripting (XSS) FAQ (http://www.cgisecurity.com/articles/xss-faq.shtml).

My advice is to uninstall vBShout and if you must have a shoutbox use Chatbox Lite (http://www.vbulletin.org/forum/showthread.php?t=92537). It's no frills, but it's also no security issues, and won't overload your server.

I recently added a shoutbox to my new site

www.ozchess.com.au

I would like, however, to have the time the shout is made displayed, and for the name of the shouter to be highlighted or bolded.

Does anyone know how I can do this?

AO

shoutbox has vulnerbailities, and forums can be hacked. I can say because my site was hacked and I had to remove it.

Does someone know if Dream's chatbox has any vulnerabilities?
http://www.vbulletin.org/forum/showthread.php?t=131002