diff --git a/adm/admin.lib.php b/adm/admin.lib.php
index ececd06ab..3c99546d9 100644
--- a/adm/admin.lib.php
+++ b/adm/admin.lib.php
@@ -477,7 +477,7 @@ function admin_check_xss_params($params){
 
         if( is_array($value) ){
             admin_check_xss_params($value);
-        } else if ( preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/onload=.*/ius', $value)) ){
+        } else if ( preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/[onload|onerror]=.*/ius', $value)) ){
             alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.');
             die();
         }
diff --git a/extend/sms5.extend.php b/extend/sms5.extend.php
index eee1022ef..dbef097cf 100644
--- a/extend/sms5.extend.php
+++ b/extend/sms5.extend.php
@@ -23,6 +23,8 @@ $g5['sms5_book_group_table']      = $g5['sms5_prefix'] . 'book_group';
 $g5['sms5_form_table']            = $g5['sms5_prefix'] . 'form';
 $g5['sms5_form_group_table']      = $g5['sms5_prefix'] . 'form_group';
 
+$sms5 = array();
+
 if (!empty($config['cf_sms_use'])) {
 
     $sms5 = sql_fetch("select * from {$g5['sms5_config_table']} ", false);