I'm not sure is this is applicable in v5.2, but it is in 5.1 that I'm using. Since the user name is taken from the form and not the database, malicious users can send whatever they want as their name. I haven't checked how or exactly what they've done, but I just saw someone who made their username very large. Of course, if I'd have referer check turned on, this wouldn't be quite as easy, bu still doable if they spoof the referer.
As a side note, I think it would be nice to be able to disallow some markups since some people think it is fun to enter large images and stuff in their shouts. For myself, if I see it one more time I'll disallow markups completely, if they can't handle the feature I won't let them have it. I certainly won't spend time coding stuff just because they think it's fun to break the features they are given.
Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.
Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.