First, let’s start with: what is Trello?
Trello is a web-based, Kanban-style, list-making application and is a subsidiary of Atlassian. Originally created by Fog Creek Software in 2011, it was spun out to form the basis of a separate company in 2014 and later sold to Atlassian in January 2017. The company is based in New York City, U.S. - Wikipedia
1. Stored XSS — Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. (Imperva)
By looking around the site, I found out that I can upload and open SVG files without getting blocked or auto-redirected to a download of the file, so I created an SVG file with an XSS payload inside. This is how it looks:
This has been reported, and the Trello team's response and fix for this vulnerability were very quick!
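The root cause of the finding above is that a user-uploaded SVG was rendered inline by the browser instead of being delivered as a download, so any script inside the image ran in the site's origin. The following is an added example (not Trello's code and not the author's payload) of what an upload endpoint can do about it: a small checker that flags the SVG constructs that execute script when rendered inline, plus the response headers that make an SVG safe to serve even if the check is skipped. The sample SVGs, the function names and the header set are all my own assumptions for illustration.

```python
"""Flag uploaded SVGs that can run script when rendered inline, and
build the response headers that prevent it regardless.

Added example; not code from the original post or from Trello.
"""
import re
import xml.etree.ElementTree as ET

# Assumption: a size cap so a hostile XML document cannot exhaust the
# parser (stdlib ElementTree is not hardened against entity expansion;
# use defusedxml in production).
MAX_SVG_BYTES = 512 * 1024

EVENT_HANDLER = re.compile(r"on[a-z]+")
JAVASCRIPT_URL = re.compile(r"^\s*javascript:", re.IGNORECASE)


def _local(qualified_name):
    """Strip an ElementTree '{namespace}' prefix and lowercase the name."""
    return qualified_name.rsplit("}", 1)[-1].lower()


def svg_script_findings(svg_bytes):
    """Return a list of reasons this SVG could execute script if served inline.

    An empty list means no script-bearing construct was found.
    """
    if len(svg_bytes) > MAX_SVG_BYTES:
        return ["oversized SVG rejected before parsing"]
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"unparseable SVG: {exc}"]

    findings = []
    for el in root.iter():
        name = _local(el.tag)
        # <script> runs directly; <foreignObject> embeds arbitrary HTML.
        if name in ("script", "foreignobject"):
            findings.append(f"<{name}> element")
        for attr, value in el.attrib.items():
            aname = _local(attr)  # handles both href and xlink:href
            if EVENT_HANDLER.fullmatch(aname):
                findings.append(f"event handler attribute {aname}")
            if aname == "href" and JAVASCRIPT_URL.match(value):
                findings.append(f"javascript: URL in {aname}")
    return findings


def should_serve_inline(svg_bytes):
    """True only if the SVG carries nothing that can execute script."""
    return svg_script_findings(svg_bytes) == []


def upload_response_headers(filename="upload.svg"):
    """Headers for serving user uploads so that script in them cannot run.

    Content-Disposition forces a download instead of inline rendering
    (the behaviour the post found missing); the CSP sandbox blocks script
    even if the file is opened directly; nosniff stops type confusion.
    Serving uploads from a separate origin is still recommended on top.
    """
    return {
        "Content-Type": "image/svg+xml",
        "Content-Disposition": f'attachment; filename="{filename}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "sandbox; default-src 'none'; style-src 'unsafe-inline'",
    }


# Constructed sample inputs (not the author's actual payload).
BENIGN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
              b'<circle cx="5" cy="5" r="4" fill="red"/></svg>')
SCRIPT_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg">'
              b'<script>alert(document.domain)</script></svg>')
ONLOAD_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)">'
              b'<rect width="1" height="1"/></svg>')
JS_HREF_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" '
               b'xmlns:xlink="http://www.w3.org/1999/xlink">'
               b'<a xlink:href="javascript:alert(1)"><text y="10">x</text></a></svg>')

if __name__ == "__main__":
    for label, sample in [("benign", BENIGN_SVG), ("script", SCRIPT_SVG),
                          ("onload", ONLOAD_SVG), ("js-href", JS_HREF_SVG)]:
        print(label, "inline ok" if should_serve_inline(sample) else svg_script_findings(sample))
    print(upload_response_headers("avatar.svg"))
```

The checker is a defence-in-depth filter, not a substitute for the headers: SVG has more script-bearing constructs than the ones listed (for example `<set>`/`<animate>` targeting `href`), so the safe default is to always send `Content-Disposition: attachment` and a sandboxing CSP for uploads, and only consider inline rendering for files that pass a strict allow-list sanitizer.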