|
-
+
|
@@ -881,7 +881,7 @@ $pg_anchor = '
|
-
+
|
@@ -893,7 +893,7 @@ $pg_anchor = '
|
-
+
|
@@ -905,7 +905,7 @@ $pg_anchor = '
|
-
+
|
diff --git a/adm/board_list_update.php b/adm/board_list_update.php
index a7f358c1f..c3faae7d9 100644
--- a/adm/board_list_update.php
+++ b/adm/board_list_update.php
@@ -29,9 +29,11 @@ if ($_POST['act_button'] == "선택수정") {
alert('최고관리자가 아닌 경우 다른 관리자의 게시판('.$board_table[$k].')은 수정이 불가합니다.');
}
+ $p_bo_subject = is_array($_POST['bo_subject']) ? strip_tags($_POST['bo_subject'][$k]) : '';
+
$sql = " update {$g5['board_table']}
set gr_id = '".sql_real_escape_string(strip_tags($_POST['gr_id'][$k]))."',
- bo_subject = '".sql_real_escape_string(strip_tags($_POST['bo_subject'][$k]))."',
+ bo_subject = '".$p_bo_subject."',
bo_device = '".sql_real_escape_string(strip_tags($_POST['bo_device'][$k]))."',
bo_skin = '".sql_real_escape_string(strip_tags($_POST['bo_skin'][$k]))."',
bo_mobile_skin = '".sql_real_escape_string(strip_tags($_POST['bo_mobile_skin'][$k]))."',
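Review bot: The new `$p_bo_subject` on the added line drops the `sql_real_escape_string()` wrapper that the removed `bo_subject` line had, while the neighbouring `gr_id`, `bo_device`, `bo_skin` and `bo_mobile_skin` values in the same statement still go through it, so this column is now spliced into the UPDATE with only `strip_tags()` applied. Unless request data is escaped globally earlier in the request (not visible here), that is a regression rather than a cleanup; the guard and the escape combine cleanly: `$p_bo_subject = is_array($_POST['bo_subject']) ? sql_real_escape_string(strip_tags($_POST['bo_subject'][$k])) : '';`. The same pattern appears for `$gr_subject` in adm/boardgroup_list_update.php and for the re-quoted `me_code`/`me_name`/`me_link` values in the second hunk of adm/menu_list_update.php. The enclosing loop body starts and ends outside the hunk.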
diff --git a/adm/boardgroup_list_update.php b/adm/boardgroup_list_update.php
index 53d66c8e9..e6abcb6b7 100644
--- a/adm/boardgroup_list_update.php
+++ b/adm/boardgroup_list_update.php
@@ -19,7 +19,8 @@ for ($i=0; $i<$count; $i++)
{
$k = $_POST['chk'][$i];
$gr_id = preg_replace('/[^a-z0-9_]/i', '', $_POST['group_id'][$k]);
- $gr_subject = sql_real_escape_string(strip_tags($_POST['gr_subject'][$k]));
+ $gr_subject = is_array($_POST['gr_subject']) ? strip_tags($_POST['gr_subject'][$k]) : '';
+ $gr_admin = is_array($_POST['gr_admin']) ? strip_tags($_POST['gr_admin'][$k]) : '';
if($_POST['act_button'] == '선택수정') {
$sql = " update {$g5['group_table']}
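Review bot: `$gr_admin`, introduced on the second added line, is later spliced into the `where` clause of the UPDATE (`and gr_admin = '{$gr_admin}'` in the next hunk) with only `strip_tags()` applied, and that condition is exactly what limits a non-super administrator to the groups they own. It deserves the same escaping as the other column values in this statement: `$gr_admin = is_array($_POST['gr_admin']) ? sql_real_escape_string(strip_tags($_POST['gr_admin'][$k])) : '';`, with the `$gr_subject` line treated the same way. Whether `$_POST` is escaped globally earlier in the request cannot be seen from here. The `for` body continues past this hunk.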
@@ -30,7 +31,7 @@ for ($i=0; $i<$count; $i++)
gr_order = '".sql_real_escape_string($_POST['gr_order'][$k])."'
where gr_id = '{$gr_id}' ";
if ($is_admin != 'super')
- $sql .= " and gr_admin = '{$_POST['gr_admin'][$k]}' ";
+ $sql .= " and gr_admin = '{$gr_admin}' ";
sql_query($sql);
} else if($_POST['act_button'] == '선택삭제') {
$row = sql_fetch(" select count(*) as cnt from {$g5['board_table']} where gr_id = '$gr_id' ");
diff --git a/adm/contentform.php b/adm/contentform.php
index 4abe574d9..d51ae661c 100644
--- a/adm/contentform.php
+++ b/adm/contentform.php
@@ -35,6 +35,7 @@ if(!sql_query(" select co_skin from {$g5['content_table']} limit 1 ", false)) {
$html_title = "내용";
$g5['title'] = $html_title.' 관리';
+$readonly = '';
if ($w == "u")
{
diff --git a/adm/faqform.php b/adm/faqform.php
index 72f4438bd..f5791df49 100644
--- a/adm/faqform.php
+++ b/adm/faqform.php
@@ -54,11 +54,11 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
|
| 질문 |
- |
+ |
| 답변 |
- |
+ |
diff --git a/adm/faqmasterform.php b/adm/faqmasterform.php
index d48f69e49..4ac3f6f80 100644
--- a/adm/faqmasterform.php
+++ b/adm/faqmasterform.php
@@ -117,25 +117,25 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
| 상단 내용 |
-
+
|
| 하단 내용 |
-
+
|
| 모바일상단 내용 |
-
+
|
| 모바일하단 내용 |
-
+
|
diff --git a/adm/mail_form.php b/adm/mail_form.php
index b93d3a5c7..547beadf0 100644
--- a/adm/mail_form.php
+++ b/adm/mail_form.php
@@ -44,7 +44,7 @@ include_once('./admin.head.php');
|
|
- |
+ |
diff --git a/adm/menu_list_update.php b/adm/menu_list_update.php
index a91b4897f..f7f4cf882 100644
--- a/adm/menu_list_update.php
+++ b/adm/menu_list_update.php
@@ -20,9 +20,11 @@ $count = count($_POST['code']);
for ($i=0; $i<$count; $i++)
{
$_POST = array_map_deep('trim', $_POST);
+
+ $_POST['me_link'][$i] = is_array($_POST['me_link']) ? clean_xss_tags($_POST['me_link'][$i], 1) : '';
- $code = strip_tags($_POST['code'][$i]);
- $me_name = strip_tags($_POST['me_name'][$i]);
+ $code = is_array($_POST['code']) ? strip_tags($_POST['code'][$i]) : '';
+ $me_name = is_array($_POST['me_name']) ? strip_tags($_POST['me_name'][$i]) : '';
$me_link = (preg_match('/^javascript/i', $_POST['me_link'][$i]) || preg_match('/script:/i', $_POST['me_link'][$i])) ? G5_URL : strip_tags($_POST['me_link'][$i]);
if(!$code || !$me_name || !$me_link)
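Review bot: The added line writes the cleaned value back into `$_POST['me_link'][$i]`, but when `me_link` is posted as a scalar rather than an array the ternary yields `''` and the assignment becomes a string-offset write, which PHP 8 rejects with an Error ("Cannot assign an empty string to a string offset"); the following `preg_match` line then reads the same index again without any guard. Keeping the result in a local avoids both: `$raw_link = is_array($_POST['me_link']) ? clean_xss_tags($_POST['me_link'][$i], 1) : '';` and `$me_link = (preg_match('/^javascript/i', $raw_link) || preg_match('/script:/i', $raw_link)) ? G5_URL : strip_tags($raw_link);`. The loop body continues outside the hunk.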
@@ -56,9 +58,9 @@ for ($i=0; $i<$count; $i++)
// 메뉴 등록
$sql = " insert into {$g5['menu_table']}
- set me_code = '$me_code',
- me_name = '$me_name',
- me_link = '$me_link',
+ set me_code = '".$me_code."',
+ me_name = '".$me_name."',
+ me_link = '".$me_link."',
me_target = '".sql_real_escape_string(strip_tags($_POST['me_target'][$i]))."',
me_order = '".sql_real_escape_string(strip_tags($_POST['me_order'][$i]))."',
me_use = '".sql_real_escape_string(strip_tags($_POST['me_use'][$i]))."',
diff --git a/adm/newwinform.php b/adm/newwinform.php
index 4b3d3be2d..9bee28483 100644
--- a/adm/newwinform.php
+++ b/adm/newwinform.php
@@ -130,7 +130,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
|
|
- |
+ |
diff --git a/adm/qa_config.php b/adm/qa_config.php
index 312dcd8cd..92e9a4632 100644
--- a/adm/qa_config.php
+++ b/adm/qa_config.php
@@ -282,25 +282,25 @@ if(!isset($qaconfig['qa_include_head'])) {
|
-
+
|
|
-
+
|
|
-
+
|
|
-
+
|
diff --git a/adm/visit_list.php b/adm/visit_list.php
index 02ce73f10..46744e99f 100644
--- a/adm/visit_list.php
+++ b/adm/visit_list.php
@@ -73,7 +73,7 @@ $result = sql_query($sql);
}
$title = str_replace(array('<', '>', '&'), array("<", ">", "&"), $referer);
- $link = '';
+ $link = '';
$link = str_replace('&', "&", $link);
$link2 = '';
}
diff --git a/adm/visit_search.php b/adm/visit_search.php
index 67e0f9188..e29a0e382 100644
--- a/adm/visit_search.php
+++ b/adm/visit_search.php
@@ -92,7 +92,7 @@ $listall = '처음'; //페이지 처
}
$title = str_replace(array("<", ">"), array("<", ">"), $referer);
- $link = '';
+ $link = '';
}
if ($is_admin == 'super')
diff --git a/bbs/alert.php b/bbs/alert.php
index fbac90876..18d5053c2 100644
--- a/bbs/alert.php
+++ b/bbs/alert.php
@@ -31,8 +31,8 @@ include_once(G5_PATH.'/head.sub.php');
$msg = isset($msg) ? strip_tags($msg) : '';
$msg2 = str_replace("\\n", " ", $msg);
-$url = clean_xss_tags($url);
-if (!$url) $url = clean_xss_tags($_SERVER['HTTP_REFERER']);
+$url = clean_xss_tags($url, 1);
+if (!$url) $url = clean_xss_tags($_SERVER['HTTP_REFERER'], 1);
$url = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", $url);
$url = preg_replace('/\r\n|\r|\n|[^\x20-\x7e]/','', $url);
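Review bot: The rewritten fallback line reads `$_SERVER['HTTP_REFERER']` directly, which is unset on requests without a Referer header and produces an undefined-index warning before `clean_xss_tags()` even runs. A null-coalescing read keeps the new `1` argument and the behaviour for the normal case: `if (!$url) $url = clean_xss_tags(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '', 1);`. The surrounding script continues past the hunk.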
diff --git a/bbs/confirm.php b/bbs/confirm.php
index 5e71c009a..1d54d1384 100644
--- a/bbs/confirm.php
+++ b/bbs/confirm.php
@@ -5,11 +5,11 @@ include_once(G5_PATH.'/head.sub.php');
$pattern1 = "/[\<\>\'\"\\\'\\\"\(\)]/";
$pattern2 = "/\r\n|\r|\n|[^\x20-\x7e]/";
-$url1 = preg_replace($pattern1, "", clean_xss_tags($url1));
+$url1 = preg_replace($pattern1, "", clean_xss_tags($url1, 1));
$url1 = preg_replace($pattern2, "", $url1);
-$url2 = preg_replace($pattern1, "", clean_xss_tags($url2));
+$url2 = preg_replace($pattern1, "", clean_xss_tags($url2, 1));
$url2 = preg_replace($pattern2, "", $url2);
-$url3 = preg_replace($pattern1, "", clean_xss_tags($url3));
+$url3 = preg_replace($pattern1, "", clean_xss_tags($url3, 1));
$url3 = preg_replace($pattern2, "", $url3);
// url 체크
@@ -31,12 +31,12 @@ if (confirm(conf)) {
-
+
확인
diff --git a/bbs/visit_insert.inc.php b/bbs/visit_insert.inc.php
index 50a9bc709..b8154e215 100644
--- a/bbs/visit_insert.inc.php
+++ b/bbs/visit_insert.inc.php
@@ -13,8 +13,8 @@ if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR'])
$remote_addr = escape_trim($_SERVER['REMOTE_ADDR']);
$referer = "";
if (isset($_SERVER['HTTP_REFERER']))
- $referer = escape_trim(clean_xss_tags($_SERVER['HTTP_REFERER']));
- $user_agent = escape_trim(clean_xss_tags($_SERVER['HTTP_USER_AGENT']));
+ $referer = escape_trim(clean_xss_tags(strip_tags($_SERVER['HTTP_REFERER'])));
+ $user_agent = escape_trim(clean_xss_tags(strip_tags($_SERVER['HTTP_USER_AGENT'])));
$vi_browser = '';
$vi_os = '';
$vi_device = '';
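Review bot: The rewritten `$user_agent` line reads `$_SERVER['HTTP_USER_AGENT']` unconditionally, whereas the `$referer` line two lines above is guarded by `isset()`; a request without a User-Agent header therefore produces an undefined-index warning on the new line. Mirroring the guard keeps the new `strip_tags()` wrapping: `$user_agent = escape_trim(clean_xss_tags(strip_tags(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '')));`. The brace-less `if` above it applies only to the `$referer` assignment, which the indentation of the user-agent line obscures; braces would make that explicit. The enclosing block continues outside the hunk.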
diff --git a/head.sub.php b/head.sub.php
index d103a3f44..eae3a284e 100644
--- a/head.sub.php
+++ b/head.sub.php
@@ -19,8 +19,8 @@ else {
$g5_head_title .= " | ".$config['cf_title'];
}
-$g5['title'] = strip_tags(get_text($g5['title']));
-$g5_head_title = strip_tags(get_text($g5_head_title));
+$g5['title'] = strip_tags($g5['title']);
+$g5_head_title = strip_tags($g5_head_title);
// 현재 접속자
// 게시판 제목에 ' 포함되면 오류 발생
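Review bot: Replacing `strip_tags(get_text(...))` with bare `strip_tags()` on the two added lines removes the only escaping step visible here; `strip_tags()` deletes tags but leaves `&`, quotes and entity text untouched, so if `$g5['title']` or `$g5_head_title` is later emitted into the `<title>` element or an attribute (the output point is outside the hunk), it must be passed through `htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` there. A one-line comment on the new lines stating where encoding now happens, e.g. `// tags stripped here only; HTML-escape at the point of output`, would keep the next reader from re-adding `get_text()` and double-encoding. The same change is made in theme/basic/head.sub.php and in `get_head_title()` in lib/common.lib.php.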
diff --git a/lib/common.lib.php b/lib/common.lib.php
index ab7431959..8c9315f26 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -2902,13 +2902,17 @@ function get_search_string($stx)
}
// XSS 관련 태그 제거
-function clean_xss_tags($str)
+function clean_xss_tags($str, $check_entities=0)
{
$str_len = strlen($str);
$i = 0;
while($i <= $str_len){
$result = preg_replace('#*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $str);
+
+ if( $check_entities ){
+ $result = str_replace(array(':', '(', ')', '
', '	'), '', $result);
+ }
if((string)$result === (string)$str) break;
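Review bot: The new `$check_entities` branch is undocumented and its intent cannot be read from the page: the replacement list renders here as a literal colon, parentheses, newline and tab, which, if that is what the source contains, would strip the `:` from every absolute URL passed by the three callers in this commit (bbs/alert.php, bbs/confirm.php, adm/menu_list_update.php). If the source actually holds the numeric-entity spellings of those characters, as the parameter name suggests, say so in a docblock, e.g. `@param int $check_entities when non-zero, also removes the HTML-entity encodings of ':', '(', ')', newline and tab that could reassemble a script URL after decoding`, and type it as `bool`. A fixed list of spellings is inherently incomplete; decoding with `html_entity_decode()` before the tag pattern runs would be the more robust shape. `clean_xss_tags()` continues beyond the hunk.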
@@ -3436,7 +3440,7 @@ function get_head_title($title){
global $g5;
if( isset($g5['board_title']) && $g5['board_title'] ){
- $title = strip_tags(get_text($g5['board_title']));
+ $title = strip_tags($g5['board_title']);
}
return $title;
@@ -3512,6 +3516,11 @@ function get_call_func_cache($func, $args=array()){
function is_include_path_check($path='', $is_input='')
{
if( $path ){
+
+ if( strlen($path) > 255 ){
+ return false;
+ }
+
if ($is_input){
// 장태진 @jtjisgod 추가
// 보안 목적 : rar wrapper 차단
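Review bot: The new length guard uses an unexplained literal; `255` reads like a filesystem name limit but is applied to the whole include path, and nothing on the page says why that bound was chosen. A comment such as `// include paths over 255 bytes are never legitimate here; reject before any pattern checks run` and a named constant would make the intent reviewable. `is_include_path_check()` continues past the hunk.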
@@ -3570,11 +3579,14 @@ function is_include_path_check($path='', $is_input='')
if( (preg_match('/\.\.\//i', $replace_path) || preg_match('/^\/.*/i', $replace_path)) && preg_match('/plugin\//i', $replace_path) && preg_match('/okname\//i', $replace_path) ){
return false;
}
+ if( substr_count($replace_path, './') > 5 ){
+ return false;
+ }
}
$extension = pathinfo($path, PATHINFO_EXTENSION);
- if($extension && preg_match('/(jpg|jpeg|png|gif|bmp|conf)$/i', $extension)) {
+ if($extension && preg_match('/(jpg|jpeg|png|gif|bmp|conf|php\-x)$/i', $extension)) {
return false;
}
}
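Review bot: `substr_count($replace_path, './') > 5` and the `php\-x` addition to the extension pattern are both unexplained. For the count, note in a comment what legitimate depth is expected (`// more than five './' segments never occur in shipped include paths`); for the extension, `php\-x` is matched only as the complete extension, so a comment naming the file type it targets would help the next maintainer. `$replace_path` and the start of `is_include_path_check()` are outside the hunk.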
diff --git a/theme/basic/head.sub.php b/theme/basic/head.sub.php
index 33de09108..ee2aa12c8 100644
--- a/theme/basic/head.sub.php
+++ b/theme/basic/head.sub.php
@@ -13,8 +13,8 @@ else {
$g5_head_title .= " | ".$config['cf_title'];
}
-$g5['title'] = strip_tags(get_text($g5['title']));
-$g5_head_title = strip_tags(get_text($g5_head_title));
+$g5['title'] = strip_tags($g5['title']);
+$g5_head_title = strip_tags($g5_head_title);
// 현재 접속자
// 게시판 제목에 ' 포함되면 오류 발생
|