We can learn the following from this report:

• The most important thing that we learn from this report is bug bounty hunters should be clever enough to find ways to execute an XSS attack because, in this report, the vulnerability was not originally on Trello but Wistia, but reactor08 found a way to exploit Trello via that vulnerability
• Crafting the payload based on the target environment was also a key takeaway here, as the payload was crafted using a third-party parameter in this scenario