diff --git a/bbs/current_connect.php b/bbs/current_connect.php
index 686522564..5ad0e2a4e 100644
--- a/bbs/current_connect.php
+++ b/bbs/current_connect.php
@@ -12,6 +12,7 @@ $sql = " select a.mb_id, b.mb_nick, b.mb_name, b.mb_email, b.mb_homepage, b.mb_o
         order by a.lo_datetime desc ";
 $result = sql_query($sql);
 for ($i=0; $row=sql_fetch_array($result); $i++) {
+    $row['lo_url'] = get_text($row['lo_url']);
     $list[$i] = $row;
 
     if ($row['mb_id']) {
diff --git a/head.sub.php b/head.sub.php
index bcfb4b9c2..96a8d8d27 100644
--- a/head.sub.php
+++ b/head.sub.php
@@ -23,8 +23,8 @@ else {
 // 게시판 제목에 ' 포함되면 오류 발생
 $g5['lo_location'] = addslashes($g5['title']);
 if (!$g5['lo_location'])
-    $g5['lo_location'] = addslashes($_SERVER['REQUEST_URI']);
-$g5['lo_url'] = addslashes($_SERVER['REQUEST_URI']);
+    $g5['lo_location'] = addslashes(clean_xss_tags($_SERVER['REQUEST_URI']));
+$g5['lo_url'] = addslashes(clean_xss_tags($_SERVER['REQUEST_URI']));
 if (strstr($g5['lo_url'], '/'.G5_ADMIN_DIR.'/') || $is_admin == 'super')
     $g5['lo_url'] = '';
 /*
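Review bot: Escaping lo_url inside the fetch loop rewrites the data row rather than the rendered output, so every later consumer of `$list[$i]['lo_url']` now receives HTML-entity-encoded text instead of the stored URL; the conventional place for `get_text()` is the template line where the value is echoed. The same row also carries lo_location, which head.sub.php fills from REQUEST_URI when no board title is set, and it receives no escaping here — if the list template prints it, it presumably needs the same treatment. The for loop's body continues past the end of the hunk.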
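Review bot: Passing REQUEST_URI through `clean_xss_tags()` before storage changes what is written to the login record, so the recorded lo_url and lo_location no longer reflect the actual request path whenever the filter rewrites it, and a tag-stripping filter on input is not a substitute for escaping at the point where the value is echoed — the companion hunk in bbs/current_connect.php is the control that actually closes the issue. `addslashes()` remains the only SQL escaping on the two changed lines; it is not aware of the connection charset, and a driver-level escaping helper or a parameterised query would be the robust choice. If the stored value is only ever rendered through an escaping helper, storing the raw REQUEST_URI with a comment such as `// stored raw; escaped on output` keeps the log faithful. These assignments are top-level script statements, so there is no enclosing function to note.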