The other possibility is that it isn't the suckerfish code, but the
actual links you have in your markup that get turned into the menu. If
you are handling query string params in any of those links, I would
start looking there.

On Jun 19, 1:45 pm, Olivier Percebois-Garve <perceb...@gmail.com>
wrote:
> I don't see how Superfish relates to SQL.
> Aren't they rather referring to the server-side code handling the
> navigation?
>
> NationPress wrote:
> > The client we're building a site for recently had a server-wide scan
> > done by SecurityMetrics.com for PCI compliance. This was required by
> > their bank's commercial credit card service. The report came back with
> > a "Possible blind sql injection" vulnerability warning level 4 out of
> > 7 for the Superfish menu JavaScript. Anything 4 and above keeps them
> > out of compliance. This file is for the Superfish menu. Is there a
> > workaround for this potential issue?
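
Added example, not part of the original thread and not code from the site or from Superfish: one way to check whether a server-side handler behind a menu link is what the scanner reacted to. Python and sqlite3 are assumed because the thread does not say what the server runs; the `pages` table, the `id` value and all function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the site's page table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)",
                   [(1, "Home"), (2, "Products"), (3, "Contact")])
    return db

def page_concat(db, page_id):
    # 'Before': the query string value is pasted into the SQL text.
    sql = "SELECT title FROM pages WHERE id = " + page_id
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error:
        return []  # errors are hidden from the client, hence "blind"

def page_param(db, page_id):
    # 'After': the value must parse as an integer and is bound as data.
    try:
        pid = int(page_id)
    except ValueError:
        return []
    return [row[0] for row in
            db.execute("SELECT title FROM pages WHERE id = ?", (pid,))]

def boolean_differential(handler, db, base="2"):
    """True when the handler's output follows a boolean condition appended
    to the parameter, the behaviour a 'possible blind SQL injection'
    finding reports. Run it only against your own handlers."""
    normal = handler(db, base)
    when_true = handler(db, base + " AND 1=1")
    when_false = handler(db, base + " AND 1=2")
    return when_true == normal and when_false != normal

if __name__ == "__main__":
    db = make_db()
    for handler in (page_concat, page_param):
        print(handler.__name__, "flagged:", boolean_differential(handler, db))
```

If the check is negative for every handler that the menu links reach, the finding on the static menu script itself is worth disputing with the scan vendor.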
