CVE-2006-2920

Sylpheed <2.2.2, Sylpheed <2.2.6 - CSRF

Title source: llm
STIX 2.1

Description

Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character.

References (7)

Core 7
Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2283
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20577
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27089
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2173
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20476
Various Sources x_refsource_confirm
http://sylpheed.good-day.net/en/news.html%5C

Scores

EPSS 0.0143
EPSS Percentile 70.0%

Details

CWE
CWE-20
Status published
Products (16)
sylpheed/sylpheed 2.0
sylpheed/sylpheed 2.0.1
sylpheed/sylpheed 2.0.2
sylpheed/sylpheed 2.0.3
sylpheed/sylpheed 2.1
sylpheed/sylpheed 2.1.1
sylpheed/sylpheed 2.1.2
sylpheed/sylpheed 2.1.3
sylpheed/sylpheed 2.1.4
sylpheed/sylpheed 2.1.5
... and 6 more
Published Jun 09, 2006
Tracked Since Feb 18, 2026