Trello: CSV injection [N/A]

Hello, We can inject commands in the name field of a board =210 or =cmd|'/C calc'!AO for example, and when it's exported to CSV it will be evaluated to 20 in the corresponding cell, this enables an attacker to spread malware and execute system level commands on a victim's machine if the victim...

Trello: A CRLF injection into the redirect URL of https://trello.com/1/authorize can be used to cause a denial of service when later redirected to

Just found this, tested it on a whim and deeply regretted it. Sorry! So to recreate the issue: 1. Visit...