diff --git a/adm/board_form_update.php b/adm/board_form_update.php
index c668136a5..8ddb1840c 100644
--- a/adm/board_form_update.php
+++ b/adm/board_form_update.php
@@ -80,8 +80,8 @@ $bo_category_list = isset($_POST['bo_category_list']) ? str_replace($src_char, $
 //https://github.com/gnuboard/gnuboard5/commit/f5f4925d4eb28ba1af728e1065fc2bdd9ce1da58 에 따른 조치
 $str_bo_category_list = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", "", $bo_category_list);
-$_POST['bo_subject'] = strip_tags($_POST['bo_subject']);
-$_POST['bo_mobile_subject'] = strip_tags($_POST['bo_mobile_subject']);
+$_POST['bo_subject'] = strip_tags(clean_xss_attributes($_POST['bo_subject']));
+$_POST['bo_mobile_subject'] = strip_tags(clean_xss_attributes($_POST['bo_mobile_subject']));
 $sql_common = "
 gr_id = '{$gr_id}',
 bo_subject = '{$_POST['bo_subject']}',
diff --git a/adm/board_list_update.php b/adm/board_list_update.php
index 8a5ba44ec..552f60d99 100644
--- a/adm/board_list_update.php
+++ b/adm/board_list_update.php
@@ -33,7 +33,7 @@ if ($_POST['act_button'] == "선택수정") {
 alert('최고관리자가 아닌 경우 다른 관리자의 게시판('.$board_table[$k].')은 수정이 불가합니다.');
 }
- $p_bo_subject = is_array($_POST['bo_subject']) ? strip_tags($_POST['bo_subject'][$k]) : '';
+ $p_bo_subject = is_array($_POST['bo_subject']) ? strip_tags(clean_xss_attributes($_POST['bo_subject'][$k])) : '';
 $sql = " update {$g5['board_table']}
 set gr_id = '".sql_real_escape_string(strip_tags($_POST['gr_id'][$k]))."',
diff --git a/adm/contentformupdate.php b/adm/contentformupdate.php
index 41170884b..58437acda 100644
--- a/adm/contentformupdate.php
+++ b/adm/contentformupdate.php
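Review bot: The sanitised `$_POST['bo_subject']` is still interpolated straight into `$sql_common` two lines below (`bo_subject = '{$_POST['bo_subject']}'`), and neither `strip_tags` nor `clean_xss_attributes` is an SQL escaper, so the query boundary here rests on whatever escaping the bootstrap applies to `$_POST` before this file runs — that is not visible in the hunk and should be confirmed. The `gr_id` line in the board_list_update.php hunk already shows the explicit form used elsewhere in this commit: `bo_subject = '".sql_real_escape_string($_POST['bo_subject'])."',`. The same raw interpolation appears in the newwinformupdate.php hunk for `nw_device` and `nw_begin_time`. Separately, the contract of `clean_xss_attributes` is not shown; if the field is absent or arrives as a non-string, the value reaching `strip_tags()` is not a string and PHP 8 will warn or throw, so a `$_POST['bo_subject'] ?? ''` default at the call site would make the input type explicit.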
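Review bot: `$p_bo_subject` reads `$_POST['bo_subject'][$k]` without checking that index `$k` exists; the `is_array` guard only covers the outer value, so on PHP 8 a missing row produces an undefined-index warning and a null reaches `clean_xss_attributes`. A tighter guard is `$p_bo_subject = isset($_POST['bo_subject'][$k]) ? strip_tags(clean_xss_attributes($_POST['bo_subject'][$k])) : '';`. Note also that the `gr_id` assignment directly below wraps its value in `sql_real_escape_string`, while `$p_bo_subject` is not escaped at this point; the place where it is spliced into the `update` statement lies outside the hunk, so confirm it receives the same treatment.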
@@ -21,7 +21,7 @@ if ($w == "" || $w == "u")
 }
 $co_id = preg_replace('/[^a-z0-9_]/i', '', $co_id);
-$co_subject = strip_tags($co_subject);
+$co_subject = strip_tags(clean_xss_attributes($co_subject));
 $co_include_head = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_head, 0, 255));
 $co_include_tail = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_tail, 0, 255));
 $co_tag_filter_use = isset($_POST['co_tag_filter_use']) ? (int) $_POST['co_tag_filter_use'] : 1;
diff --git a/adm/newwinformupdate.php b/adm/newwinformupdate.php
index 1441ac820..f03701166 100644
--- a/adm/newwinformupdate.php
+++ b/adm/newwinformupdate.php
@@ -12,7 +12,7 @@ else
 check_admin_token();
-$nw_subject = isset($_POST['nw_subject']) ? strip_tags($_POST['nw_subject']) : '';
+$nw_subject = isset($_POST['nw_subject']) ? strip_tags(clean_xss_attributes($_POST['nw_subject'])) : '';
 $sql_common = "
 nw_device = '{$_POST['nw_device']}',
 nw_begin_time = '{$_POST['nw_begin_time']}',
diff --git a/adm/point_update.php b/adm/point_update.php
index 571a1dfa6..ac1a70411 100644
--- a/adm/point_update.php
+++ b/adm/point_update.php
@@ -6,9 +6,9 @@ auth_check($auth[$sub_menu], 'w');
 check_admin_token();
-$mb_id = strip_tags($_POST['mb_id']);
-$po_point = strip_tags($_POST['po_point']);
-$po_content = strip_tags($_POST['po_content']);
+$mb_id = strip_tags(clean_xss_attributes($_POST['mb_id']));
+$po_point = strip_tags(clean_xss_attributes($_POST['po_point']));
+$po_content = strip_tags(clean_xss_attributes($_POST['po_content']));
 $expire = preg_replace('/[^0-9]/', '', $_POST['po_expire_term']);
 $mb = get_member($mb_id);
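Review bot: `$co_subject` is not read from `$_POST` anywhere in this hunk, so its origin (presumably an extract-style bootstrap) and whether it is guaranteed to be a string are not visible; if it can be unset, `clean_xss_attributes(null)` / `strip_tags(null)` is a deprecation on PHP 8.1+ and a warning earlier. A defensive form is `$co_subject = strip_tags(clean_xss_attributes($co_subject ?? ''));`. The `$co_id` whitelist two lines above (`preg_replace('/[^a-z0-9_]/i', '', ...)`) is the stronger pattern for identifier-like fields, while tag stripping is appropriate only for free text such as the subject.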
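Review bot: The `isset(...) ? ... : ''` ternary on the new `$nw_subject` line duplicates the array access and can be written with the null-coalescing operator that the rest of the line's PHP version already supports: `$nw_subject = strip_tags(clean_xss_attributes($_POST['nw_subject'] ?? ''));`. This keeps the same `''` default for a missing field and reads the key once. Whether `clean_xss_attributes` accepts an empty string without side effects is not visible here and should be confirmed.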
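Review bot: `$po_point` appears to be a numeric amount, yet the new line filters it as free text with `strip_tags(clean_xss_attributes(...))` instead of coercing it to an integer, so non-numeric input still passes this line unchanged; `$po_point = (int) ($_POST['po_point'] ?? 0);` would make the expected type explicit, in the same spirit as the digit-only `preg_replace` already applied to `$expire` two lines below. `$mb_id` is an identifier handed to `get_member($mb_id)`, so a character whitelist like the `$co_id` filter in the contentformupdate.php hunk fits better than tag stripping — confirm the project's member-id character rules before narrowing it. All three `$_POST` reads on the added lines lack an `isset`/`??` default, so a missing field produces an undefined-index warning on PHP 8 before the sanitiser runs.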