diff --git a/adm/boardgroup_list.php b/adm/boardgroup_list.php
index a688e650d..08cd18382 100644
--- a/adm/boardgroup_list.php
+++ b/adm/boardgroup_list.php
@@ -124,7 +124,7 @@ $colspan = 10;
     <tr class="<?php echo $bg; ?>">
         <td class="td_chk">
             <input type="hidden" name="group_id[<?php echo $i ?>]" value="<?php echo $row['gr_id'] ?>">
-            <label for="chk_<?php echo $i; ?>" class="sound_only"><?php echo $row['gr_subject'] ?> 그룹</label>
+            <label for="chk_<?php echo $i; ?>" class="sound_only"><?php echo get_text($row['gr_subject']); ?> 그룹</label>
             <input type="checkbox" name="chk[]" value="<?php echo $i ?>" id="chk_<?php echo $i ?>">
         </td>
         <td class="td_left"><a href="<?php echo G5_BBS_URL ?>/group.php?gr_id=<?php echo $row['gr_id'] ?>"><?php echo $row['gr_id'] ?></a></td>
@@ -135,9 +135,9 @@ $colspan = 10;
         <td class="td_mng td_input">
         <?php if ($is_admin == 'super'){ ?>
             <label for="gr_admin_<?php echo $i; ?>" class="sound_only">그룹관리자</label>
-            <input type="text" name="gr_admin[<?php echo $i ?>]" value="<?php echo $row['gr_admin'] ?>" id="gr_admin_<?php echo $i ?>" class="tbl_input" size="10" maxlength="20">
+            <input type="text" name="gr_admin[<?php echo $i ?>]" value="<?php echo get_sanitize_input($row['gr_admin']); ?>" id="gr_admin_<?php echo $i ?>" class="tbl_input" size="10" maxlength="20">
         <?php }else{ ?>
-            <input type="hidden" name="gr_admin[<?php echo $i ?>]" value="<?php echo $row['gr_admin'] ?>"><?php echo $row['gr_admin'] ?>
+            <input type="hidden" name="gr_admin[<?php echo $i ?>]" value="<?php echo get_sanitize_input($row['gr_admin']); ?>"><?php echo get_text($row['gr_admin']); ?>
         <?php } ?>
         </td>
         <td class="td_num"><a href="./board_list.php?sfl=a.gr_id&amp;stx=<?php echo $row['gr_id'] ?>"><?php echo $row2['cnt'] ?></a></td>
diff --git a/adm/boardgroup_list_update.php b/adm/boardgroup_list_update.php
index e6abcb6b7..ee8971c2d 100644
--- a/adm/boardgroup_list_update.php
+++ b/adm/boardgroup_list_update.php
@@ -19,8 +19,8 @@ for ($i=0; $i<$count; $i++)
 {
     $k     = $_POST['chk'][$i];
     $gr_id = preg_replace('/[^a-z0-9_]/i', '', $_POST['group_id'][$k]);
-    $gr_subject = is_array($_POST['gr_subject']) ? strip_tags($_POST['gr_subject'][$k]) : '';
-    $gr_admin = is_array($_POST['gr_admin']) ? strip_tags($_POST['gr_admin'][$k]) : '';
+    $gr_subject = is_array($_POST['gr_subject']) ? strip_tags(clean_xss_attributes($_POST['gr_subject'][$k])) : '';
+    $gr_admin = is_array($_POST['gr_admin']) ? strip_tags(clean_xss_attributes($_POST['gr_admin'][$k])) : '';
 
     if($_POST['act_button'] == '선택수정') {
         $sql = " update {$g5['group_table']}
diff --git a/adm/config_form.php b/adm/config_form.php
index 286626896..5bc7bccea 100644
--- a/adm/config_form.php
+++ b/adm/config_form.php
@@ -321,7 +321,7 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
         <tbody>
         <tr>
             <th scope="row"><label for="cf_title">홈페이지 제목<strong class="sound_only">필수</strong></label></th>
-            <td colspan="3"><input type="text" name="cf_title" value="<?php echo $config['cf_title'] ?>" id="cf_title" required class="required frm_input" size="40"></td>
+            <td colspan="3"><input type="text" name="cf_title" value="<?php echo get_sanitize_input($config['cf_title']); ?>" id="cf_title" required class="required frm_input" size="40"></td>
         </tr>
         <tr>
             <th scope="row"><label for="cf_admin">최고관리자<strong class="sound_only">필수</strong></label></th>
diff --git a/adm/config_form_update.php b/adm/config_form_update.php
index 50a6bbf32..731b664c5 100644
--- a/adm/config_form_update.php
+++ b/adm/config_form_update.php
@@ -26,7 +26,7 @@ if(!$_POST['cf_cert_use']) {
 
 $cf_social_servicelist = !empty($_POST['cf_social_servicelist']) ? implode(',', $_POST['cf_social_servicelist']) : '';
 
-$_POST['cf_title'] = strip_tags($_POST['cf_title']);
+$_POST['cf_title'] = strip_tags(clean_xss_attributes($_POST['cf_title']));
 
 $check_keys = array('cf_lg_mid', 'cf_lg_mert_key', 'cf_cert_kcb_cd', 'cf_cert_kcp_cd', 'cf_editor', 'cf_recaptcha_site_key', 'cf_recaptcha_secret_key', 'cf_naver_clientid', 'cf_naver_secret', 'cf_facebook_appid', 'cf_facebook_secret', 'cf_twitter_key', 'cf_twitter_secret', 'cf_google_clientid', 'cf_google_secret', 'cf_googl_shorturl_apikey', 'cf_kakao_rest_key', 'cf_kakao_client_secret', 'cf_kakao_js_apikey', 'cf_payco_clientid', 'cf_payco_secret');
 
diff --git a/adm/mail_form.php b/adm/mail_form.php
index a95035be2..6ee6fb95b 100644
--- a/adm/mail_form.php
+++ b/adm/mail_form.php
@@ -42,7 +42,7 @@ include_once('./admin.head.php');
     <tbody>
     <tr>
         <th scope="row"><label for="ma_subject">메일 제목<strong class="sound_only">필수</strong></label></th>
-        <td><input type="text" name="ma_subject" value="<?php echo $ma['ma_subject'] ?>" id="ma_subject" required class="required frm_input" size="100"></td>
+        <td><input type="text" name="ma_subject" value="<?php echo get_sanitize_input($ma['ma_subject']); ?>" id="ma_subject" required class="required frm_input" size="100"></td>
     </tr>
     <tr>
         <th scope="row"><label for="ma_content">메일 내용<strong class="sound_only">필수</strong></label></th>
diff --git a/adm/mail_update.php b/adm/mail_update.php
index 68c85ae71..04d04ac92 100644
--- a/adm/mail_update.php
+++ b/adm/mail_update.php
@@ -10,7 +10,7 @@ auth_check($auth[$sub_menu], 'w');
 check_admin_token();
 
 $ma_id = isset($_POST['ma_id']) ? (int) $_POST['ma_id'] : 0;
-$ma_subject = isset($_POST['ma_subject']) ? strip_tags($_POST['ma_subject']) : '';
+$ma_subject = isset($_POST['ma_subject']) ? strip_tags(clean_xss_attributes($_POST['ma_subject'])) : '';
 
 if ($w == '')
 {
diff --git a/adm/poll_form.php b/adm/poll_form.php
index 0f5ed4dd4..3de75ddbe 100644
--- a/adm/poll_form.php
+++ b/adm/poll_form.php
@@ -37,7 +37,7 @@ include_once('./admin.head.php');
     <tbody>
     <tr>
         <th scope="row"><label for="po_subject">투표 제목<strong class="sound_only">필수</strong></label></th>
-        <td><input type="text" name="po_subject" value="<?php echo $po['po_subject'] ?>" id="po_subject" required class="required frm_input" size="80" maxlength="125"></td>
+        <td><input type="text" name="po_subject" value="<?php echo get_sanitize_input($po['po_subject']); ?>" id="po_subject" required class="required frm_input" size="80" maxlength="125"></td>
     </tr>
 
     <?php
diff --git a/adm/poll_form_update.php b/adm/poll_form_update.php
index 2d01fe6dd..f5972aa8a 100644
--- a/adm/poll_form_update.php
+++ b/adm/poll_form_update.php
@@ -40,7 +40,7 @@ foreach( $_POST as $key=>$value ){
     if( empty($value) ) continue;
 
     if( in_array($key, $check_keys) ) {
-        $_POST[$key] = strip_tags($value);
+        $_POST[$key] = strip_tags(clean_xss_attributes($value));
     }
 }
 
diff --git a/adm/qa_config.php b/adm/qa_config.php
index b73062251..c06a0a059 100644
--- a/adm/qa_config.php
+++ b/adm/qa_config.php
@@ -133,7 +133,7 @@ if(!isset($qaconfig['qa_include_head'])) {
         <tr>
             <th scope="row"><label for="qa_title">타이틀<strong class="sound_only">필수</strong></label></th>
             <td>
-                <input type="text" name="qa_title" value="<?php echo $qaconfig['qa_title'] ?>" id="qa_title" required class="required frm_input" size="40">
+                <input type="text" name="qa_title" value="<?php echo get_sanitize_input($qaconfig['qa_title']); ?>" id="qa_title" required class="required frm_input" size="40">
                 <a href="<?php echo G5_BBS_URL; ?>/qalist.php" class="btn_frmline">1:1문의 바로가기</a>
             </td>
         </tr>
@@ -141,7 +141,7 @@ if(!isset($qaconfig['qa_include_head'])) {
             <th scope="row"><label for="qa_category">분류<strong class="sound_only">필수</strong></label></th>
             <td>
                 <?php echo help('분류와 분류 사이는 | 로 구분하세요. (예: 질문|답변) 첫자로 #은 입력하지 마세요. (예: #질문|#답변 [X])') ?>
-                <input type="text" name="qa_category" value="<?php echo $qaconfig['qa_category'] ?>" id="qa_category" required class="required frm_input" size="70">
+                <input type="text" name="qa_category" value="<?php echo get_sanitize_input($qaconfig['qa_category']); ?>" id="qa_category" required class="required frm_input" size="70">
             </td>
         </tr>
         <tr>
@@ -184,21 +184,21 @@ if(!isset($qaconfig['qa_include_head'])) {
             <th scope="row"><label for="qa_send_number">SMS 발신번호</label></th>
             <td>
                 <?php echo help('SMS 알림 전송시 발신번호로 사용됩니다.'); ?>
-                <input type="text" name="qa_send_number" value="<?php echo $qaconfig['qa_send_number'] ?>" id="qa_send_number" class="frm_input"  size="30">
+                <input type="text" name="qa_send_number" value="<?php echo get_sanitize_input($qaconfig['qa_send_number']); ?>" id="qa_send_number" class="frm_input"  size="30">
             </td>
         </tr>
         <tr>
             <th scope="row"><label for="qa_admin_hp">관리자 휴대폰번호</label></th>
             <td>
                 <?php echo help('관리자 휴대폰번호를 입력하시면 문의글 등록시 등록하신 번호로 SMS 알림이 전송됩니다.<br>SMS 알림을 사용하지 않으시면 알림이 전송되지 않습니다.'); ?>
-                <input type="text" name="qa_admin_hp" value="<?php echo $qaconfig['qa_admin_hp'] ?>" id="qa_admin_hp" class="frm_input"  size="30">
+                <input type="text" name="qa_admin_hp" value="<?php echo get_sanitize_input($qaconfig['qa_admin_hp']); ?>" id="qa_admin_hp" class="frm_input"  size="30">
             </td>
         </tr>
         <tr>
             <th scope="row"><label for="qa_admin_email">관리자 이메일</label></th>
             <td>
                 <?php echo help('관리자 이메일을 입력하시면 문의글 등록시 등록하신 이메일로 알림이 전송됩니다.'); ?>
-                <input type="text" name="qa_admin_email" value="<?php echo $qaconfig['qa_admin_email'] ?>" id="qa_admin_email" class="frm_input"  size="50">
+                <input type="text" name="qa_admin_email" value="<?php echo get_sanitize_input($qaconfig['qa_admin_email']); ?>" id="qa_admin_email" class="frm_input"  size="50">
             </td>
         </tr>
         <tr>
diff --git a/adm/qa_config_update.php b/adm/qa_config_update.php
index 97fd16d7e..38b3eaddd 100644
--- a/adm/qa_config_update.php
+++ b/adm/qa_config_update.php
@@ -15,7 +15,7 @@ $qaconfig = get_qa_config();
 $check_keys = array('qa_title', 'qa_category', 'qa_skin', 'qa_mobile_skin', 'qa_use_email', 'qa_req_email', 'qa_use_hp', 'qa_req_hp', 'qa_use_sms', 'qa_send_number', 'qa_admin_hp', 'qa_admin_email', 'qa_subject_len', 'qa_mobile_subject_len', 'qa_page_rows', 'qa_mobile_page_rows', 'qa_image_width', 'qa_upload_size');
 
 foreach($check_keys as $key){
-	$$key = $_POST[$key] = isset($_POST[$key]) ? strip_tags($_POST[$key]) : '';
+	$$key = $_POST[$key] = isset($_POST[$key]) ? strip_tags(clean_xss_attributes($_POST[$key])) : '';
 }
 
 $qa_include_head = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($qa_include_head, 0, 255));