diff --git a/adm/board_copy.php b/adm/board_copy.php
index 291a225ac..fb889174a 100644
--- a/adm/board_copy.php
+++ b/adm/board_copy.php
@@ -31,7 +31,7 @@ include_once(G5_PATH.'/head.sub.php'); - + 복사 유형
diff --git a/adm/board_copy_update.php b/adm/board_copy_update.php
index 9b3bd55a9..7a44a9c48 100644
--- a/adm/board_copy_update.php
+++ b/adm/board_copy_update.php
@@ -11,6 +11,8 @@ check_admin_token();
 $target_table = trim($_POST['target_table']);
 $target_subject = trim($_POST['target_subject']);
+$target_subject = strip_tags(clean_xss_attributes($target_subject));
+
 if (!preg_match('/[A-Za-z0-9_]{1,20}/', $target_table)) {
 alert('게시판 TABLE명은 공백없이 영문자, 숫자, _ 만 사용 가능합니다. (20자 이내)');
 }
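Review bot: The table-name check on the context line just below the added sanitizer is unanchored, so `preg_match('/[A-Za-z0-9_]{1,20}/', $target_table)` accepts any value that merely contains one allowed character, and the limit the alert text promises (letters, digits and `_` only, at most 20 characters) is not enforced. Anchoring it closes that gap: `if (!preg_match('/\A[A-Za-z0-9_]{1,20}\z/', $target_table)) {`. How `$target_table` is used after this hunk is not visible here, but a board-copy script presumably builds a table name from it, which would make this a more pressing gap than the subject field the commit hardens. On the added line itself, `strip_tags()` leaves quote characters in place, so `$target_subject` still needs `htmlspecialchars()` wherever it is echoed into an attribute value; a one-line comment stating that this is an input filter and not a replacement for output escaping would keep later callers from relying on it alone.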