diff --git a/adm/admin.lib.php b/adm/admin.lib.php
index 184dbdb46..d601c1ab9 100644
--- a/adm/admin.lib.php
+++ b/adm/admin.lib.php
@@ -436,7 +436,7 @@ function admin_check_xss_params($params){
 if( is_array($value) ){
 admin_check_xss_params($params);
- } else if ( preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && preg_match('/script.*?\/script/ius', $value) ){
+ } else if ( preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/onload=.*/ius', $value)) ){
 alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.');
 die();
 }
diff --git a/bbs/alert.php b/bbs/alert.php
index 9d4475203..b1117d347 100644
--- a/bbs/alert.php
+++ b/bbs/alert.php
@@ -67,13 +67,17 @@ history.back();
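Review bot: The added `preg_match('/onload=.*/ius', $value)` covers a single event-handler attribute name, so the rejection remains a one-entry denylist; if the intent is to refuse inline handlers in general, match the attribute family instead, `preg_match('/\bon[a-z]+\s*=/i', $value)`, and drop the redundant `.*`. On the context line just above, the recursive call passes `$params` rather than the nested `$value`, which appears to re-enter the function with the same argument and never inspects the inner elements; that is pre-existing but sits in the block this hunk changes. A request-inspection heuristic like this is a defense-in-depth layer and does not replace escaping at output. admin_check_xss_params begins outside the hunk.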
$value) {
+
+ $key = clean_xss_tags($url);
+ $value = clean_xss_tags($value);
+
 if(strlen($value) < 1) continue;
 if(preg_match("/pass|pwd|capt|url/", $key)) continue;
 ?>
-
+
diff --git a/bbs/download.php b/bbs/download.php
index a69f52b6c..575f8571f 100644
--- a/bbs/download.php
+++ b/bbs/download.php
@@ -84,11 +84,16 @@ if (!get_session($ss_name))
 $g5['title'] = '다운로드 > '.conv_subject($write['wr_subject'], 255);
 //파일명에 한글이 있는 경우
+/*
 if(preg_match("/[\xA1-\xFE][\xA1-\xFE]/", $file['bf_source'])){
+ // 2015.09.02 날짜의 파이어폭스에서 인코딩된 문자 그대로 출력되는 문제가 발생됨, 2018.12.11 날짜의 파이어폭스에서는 해당 현상이 없으므로 해당 코드를 사용 안합니다.
 $original = iconv('utf-8', 'euc-kr', $file['bf_source']); // SIR 잉끼님 제안코드
 } else {
 $original = urlencode($file['bf_source']);
 }
+*/
+
+$original = urlencode($file['bf_source']);
 @include_once($board_skin_path.'/download.tail.skin.php');
diff --git a/bbs/member_confirm.php b/bbs/member_confirm.php
index e3fc28498..dcfbfec7a 100644
--- a/bbs/member_confirm.php
+++ b/bbs/member_confirm.php
@@ -14,7 +14,7 @@ else
 $url = clean_xss_tags($_GET['url']);
 //소셜 로그인 한 경우
-if( function_exists('social_member_comfirm_redirect') && (! $url || $url === 'register_form.php') ){
+if( function_exists('social_member_comfirm_redirect') && (! $url || $url === 'register_form.php' || (function_exists('social_is_edit_page') && social_is_edit_page($url) ) ) ){
 social_member_comfirm_redirect();
 }
diff --git a/config.php b/config.php
index 0fc4c9b42..7571e12e9 100644
--- a/config.php
+++ b/config.php
@@ -5,8 +5,8 @@
 ********************/
 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.3.2.1');
-define('G5_YOUNGCART_VER', '5.3.2.1');
+define('G5_GNUBOARD_VER', '5.3.2.2');
+define('G5_YOUNGCART_VER', '5.3.2.2');
 // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
 define('_GNUBOARD_', true);
diff --git a/lib/common.lib.php b/lib/common.lib.php
index 6f9ee2cbb..b9c787065 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
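Review bot: `$key = clean_xss_tags($url);` assigns the sanitized `$url` to the loop key instead of sanitizing `$key` itself, so, as rendered here, every hidden field below gets the same name and the `pass|pwd|capt|url` exclusion is tested against the URL rather than the parameter name; the line should read `$key = clean_xss_tags($key);`. clean_xss_tags removes tags but does not attribute-escape, so the name and value still need `get_text`/`htmlspecialchars` at the point they are echoed into the input attributes; that emitted line is the `-`/`+` pair whose content did not survive this rendering, so I cannot confirm what it does. The enclosing foreach starts before this hunk.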
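Review bot: The EUC-KR branch is disabled by wrapping it in `/* ... */` and left in the file rather than removed; commented-out code tends to outlive its reason, and version control already preserves it. Delete the block and keep only the why as a one-line comment above the new assignment, e.g. `// 2018.12.11: always urlencode; the EUC-KR iconv workaround for old Firefox is no longer needed`. The `@include_once` on the next context line suppresses errors from the skin include and is pre-existing.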
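Review bot: The widened condition now nests three `function_exists`-and-call pairs in one expression, which is hard to read and to extend again later; hoist the new clause into a named boolean, `$is_social_edit = function_exists('social_is_edit_page') && social_is_edit_page($url);`, and test `(! $url || $url === 'register_form.php' || $is_social_edit)`. The `function_exists` guards imply the social plugin may not be loaded on this page; a short comment saying so would spare the next reader the inference. The statement that assigns `$url` starts before this hunk.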
@@ -2898,9 +2898,15 @@ function get_search_string($stx)
 // XSS 관련 태그 제거
 function clean_xss_tags($str)
 {
- $str = preg_replace('#]*+>#i', '', $str);
-
- $str = str_replace(array('',''), '', $str);
+ $str_len = strlen($str);
+
+ while($i <= $str_len){
+ $result = preg_replace('#]*+>#i', '', $str);
+ if((string)$result === (string)$str)
+ break;
+ $str = $result;
+ $i++;
+ }
 return $str;
 }
diff --git a/plugin/kcpcert/kcpcert_result.php b/plugin/kcpcert/kcpcert_result.php
index 031942fa9..5468267ae 100644
--- a/plugin/kcpcert/kcpcert_result.php
+++ b/plugin/kcpcert/kcpcert_result.php
@@ -143,7 +143,7 @@ if( $cert_enc_use == "Y" )
 $sql = " select mb_id from {$g5['member_table']} where mb_id <> '{$member['mb_id']}' and mb_dupinfo = '{$mb_dupinfo}' ";
 $row = sql_fetch($sql);
 if ($row['mb_id']) {
- alert_close("입력하신 본인학인 정보로 가입된 내역이 존재합니다.\\n회원아이디 : ".$row['mb_id']);
+ alert_close("입력하신 본인확인 정보로 가입된 내역이 존재합니다.\\n회원아이디 : ".$row['mb_id']);
 }
 // hash 데이터
diff --git a/plugin/social/includes/functions.php b/plugin/social/includes/functions.php
index 4b847f54d..fab949a88 100644
--- a/plugin/social/includes/functions.php
+++ b/plugin/social/includes/functions.php
@@ -52,6 +52,10 @@ function get_social_callbackurl($provider, $no_domain=false){
 $base_url = '/'.ltrim(parse_url($base_url, PHP_URL_PATH), '/');
 }
+ if ( $provider === 'twitter' ){
+ return $base_url;
+ }
+
 $base_url = $base_url . ( strpos($base_url, '?') ? '&' : '?' ).G5_SOCIAL_LOGIN_DONE_PARAM.'='.$provider;
 return $base_url;
@@ -764,6 +768,23 @@ function social_member_comfirm_redirect(){
 }
 }
+function social_is_edit_page($url=''){
+ global $is_member;
+
+ if( !$is_member ) return false;
+
+ if($url){
+ $p = @parse_url($url);
+ $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
+
+ if ( isset($p['host']) && ($p['host'] === $host) && preg_match('/register_form\.php$/i', $url) ){
+ return true;
+ }
+ }
+
+ return false;
+}
+
 function social_is_login_password_check($mb_id){
 global $g5;
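Review bot: `$i` is read in `while($i <= $str_len)` before it is ever assigned, so the loop bound rests on an undefined variable (a notice, and `null <= $str_len` merely happens to be true); initialise it with `$i = 0;` before the loop. The repeat-until-stable loop presumably exists because removing one tag can expose another that was split by it; that intent deserves a comment such as `// repeat until the string stops changing: stripping one tag can expose another`. The pattern appears here as `#]*+>#i`, which looks truncated by the page rendering, so I cannot verify what it matches. This is an input-side stripper; values still need context-appropriate escaping where they are echoed.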
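Review bot: The twitter early return means that provider's callback URL never receives the `G5_SOCIAL_LOGIN_DONE_PARAM` query parameter that every other provider gets, and nothing in the hunk says why; add a comment above the `if`, e.g. `// twitter: the callback must match the registered URL exactly, so no query string is appended` — if that is indeed the reason, which I am inferring. On the following context line, `strpos($base_url, '?') ? '&' : '?'` treats a `?` at offset 0 as absent; `strpos(...) !== false` is the correct test, though that is pre-existing. get_social_callbackurl begins outside the hunk.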
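Review bot: `preg_match('/register_form\.php$/i', $url)` is anchored to the end of the whole URL, so a `register_form.php?...` or `...#fragment` form of the edit page fails the check even when the host matches; test the parsed path instead, `isset($p['host'], $p['path']) && strcasecmp($p['host'], $host) === 0 && preg_match('/register_form\.php$/i', $p['path'])`, which also makes the host comparison case-insensitive as hostnames are. The reference host is taken from `$_SERVER['HTTP_HOST']`, i.e. from the request, so this is a same-host check only to the extent the web server validates the Host header; comparing against the configured site host (derived from G5_URL, if that is what config exposes) would not depend on the request. A one-line docblock stating that the function returns true only for an absolute URL to this site's register_form.php for a logged-in member would make the contract explicit.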