{"schema_version":"public-product-v1.1","generated_at":"2026-06-10T07:48:31Z","exposure_verdict":"not_assessed","verdict_reason":"Public evidence does not evaluate exact release, platform, enabled features, configuration, compensating controls, or live exposure.","advisory":{"id":"Cisco-SA-20131003-CVE-2013-5519","slug":"cisco-sa-20131003-cve-2013-5519","vendor":"Cisco","title":"Cisco WLC Web-Based Management Interface Cross-Site Scripting Vulnerability","summary":"A vulnerability in the web-based management interface of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to click a crafted URL. Cisco has confirmed the vulnerability in a security notice; however, software updates are unavailable. To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.","severity":"Medium","published_at":"2013-10-03T15:29:55Z","updated_at":"2013-10-03T15:29:55Z","source_url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20131003-CVE-2013-5519","csaf_url":"https://sec.cloudapps.cisco.com/security/center/contentjson/CiscoSecurityAdvisory/Cisco-SA-20131003-CVE-2013-5519/csaf/Cisco-SA-20131003-CVE-2013-5519.json","exposure_verdict":"not_assessed","verdict_reason":"Public evidence does not evaluate exact release, platform, enabled features, configuration, compensating controls, or live exposure."},"freshness":{"last_source_refreshed_at":"2026-05-26T00:00:03Z","latest_source_refresh_at":"2026-05-26T00:00:03Z","oldest_source_refresh_at":"2026-05-22T00:16:33Z","all_sources_fresh":false,"sources":[{"source":"cisco_advisories","label":"Cisco advisories","last_success_at":"2026-05-26T00:00:03Z","stale":true},{"source":"cisco_csaf","label":"Cisco CSAF","last_success_at":"2026-05-25T03:03:26Z","stale":true},{"source":"nvd_cves","label":"NVD CVEs","last_success_at":"2026-05-22T00:16:33Z","stale":true},{"source":"cisa_kev","label":"CISA KEV","last_success_at":"2026-05-22T00:16:34Z","stale":true},{"source":"first_epss","label":"EPSS","last_success_at":"2026-05-22T00:16:40Z","stale":true}]},"summary":{"cve_count":1,"visible_product_count":1,"public_evidence_count":1,"kev_count":0,"highest_cvss":4.3},"cves":[{"id":"CVE-2013-5519","description":"Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810.","severity":"MEDIUM","kev":false,"cvss_score":4.3,"cvss_source":"NVD","cwe":"CWE-79","published_at":"2013-10-03T11:04:43Z","modified_at":"2026-04-29T01:13:23Z"}],"public_evidence":[{"product":{"name":"Cisco Wireless LAN Controller (WLC)","slug":"cisco-wireless-lan-controller-wlc","vendor":"Cisco"},"cve":{"id":"CVE-2013-5519"},"evidence_type":"structured_affected","evidence_label":{"scope":"CSAF product evidence","label":"product_status known affected"},"evidence_source":"Cisco CSAF","source":"Cisco CSAF","source_document_fetched_at":"2026-05-19T20:04:26Z","csaf_status":"known_affected","csaf_product_status":"known_affected","csaf_product_status_path":"vulnerabilities[].product_status.known_affected","raw_product_name":"3.1.105.0; 3.1.111.0; 3.1.59.24; 3.2.116.21; 3.2.150.10; 3.2.150.6; 3.2.171.5; 3.2.171.6; 3.2.185.0; 3.2.193.5; 3.2.195.10; 3.2.78.0; 4.0.108; 4.0.155.0; 4.0.155.5; 4.0.179.11; 4.0.179.8; 4.0.196; 4.0.206.0; 4.0.217.0; 4.0.219.0; 4.1.171.0; 4.1.181.0; 4.1.185.0; 4.2.112.0; 4.2.117.0; 4.2.130.0; 4.2.173.0; 4.2.174.0; 4.2.176.0; 4.2.182.0; 4.2.61.0; 4.2.99.0; 5.0.148.0; 5.0.148.2; 5.1.151.0; 5.1.152.0; 5.1.160.0; 5.2.157.0; 5.2.169.0; 6.0.182.0; 6.0.188.0; 6.0.196.0; 6.0.199.4; 6.0.202.0; 7.0.116.0; 7.0.220.0; 7.0.98.0; 7.0.98.218; 7.1.91.0; 7.2.103.0; 7.3.101.0; 7.3.112.0; 7.4.100.0; 7.4.100.60; 7.4.110.0; 7.5.102.0","exposure_verdict":"not_assessed","verdict_reason":"Public evidence does not evaluate exact release, platform, enabled features, configuration, compensating controls, or live exposure.","exposure_verdict_reason":"Public evidence does not evaluate exact release, platform, enabled features, configuration, compensating controls, or live exposure.","kev":false,"cvss_score":4.3,"cvss_source":"NVD","published_at":"2013-10-03T15:29:55Z","updated_at":"2013-10-03T15:29:55Z","advisory_updated_at":"2013-10-03T15:29:55Z","source_url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20131003-CVE-2013-5519","row_display_order":1}]}