
What Do Chelsea, Manchester United, Manchester City & Everton have in Common? Security Vulnerabilities in their Websites!

Updated on: March 29, 2020


There is no number we can put on the combined following of Manchester United, Manchester City & Everton. These football clubs have millions and millions of followers worldwide. While these clubs may be divided by their fans and beliefs, there is something that unites them: a security vulnerability! Yes, you heard it right. A critical security vulnerability was found by a researcher in the websites of all these clubs.

Meet Robbie

Robbie is a British security researcher who is an expert at finding Cross-Site Scripting (XSS) vulnerabilities in websites. He participates in the bug-bounty programs of various companies. A month ago, he decided to check the security status of the websites of various football clubs and ended up finding XSS vulnerabilities in:

  • Chelsea Club’s Main Website
  • Everton Club’s Main Website
  • Everton FC’s Web Shop
  • Chelsea’s Megastore
  • Manchester United’s Main Website

Apart from the above, Robbie has also found some critical vulnerabilities in ASK.com, a famous car dealership CMS and even SkySports. The quickest find was the one in the car dealership CMS, which took him just two minutes to find, though it took the developers a few months to fix the bug.


XSS Vulnerability in Famous Football Clubs

  • XSS in Chelsea
  • Manchester United XSS
  • XSS in Everton

Consequences of XSS

XSS is often regarded as a ‘low-hanging fruit’ in the web security industry. This is because it is easy to find XSS in websites, and modern-day web apps seem to have a lot of it. But this doesn’t mean that XSS should be taken lightly, which it often is by developers. A few direct consequences of XSS in the websites of clubs like Chelsea, Manchester United and Everton include:

  • Targeted attacks on website users to compromise their personal data (usernames, passwords, session data)
  • If the XSS is stored, a mass attack on all the users of the websites
  • Changing the website’s flow to suit the attacker

While these are only a few consequences, there are many more angles to XSS. To learn more about XSS, its consequences and how to prevent it, you can refer to the detailed article here.


Astra Team

We are on a mission to make web a more secure place, one website at a time!

2 Comments
Best Website Design
5 years ago

This is interesting really, You’re a very skilled blogger.
I’ve joined your feed and look forward to seeking more of your wonderful post.
Also, I’ve distributed your web site in my internet sites!
