I recently found an XSS bug in the Amazon Gift Card creation flow, and I am going to explain how it works.
Below is the URL for creating an Amazon Gift Card.
The url parameter is the base64-encoded URL. Once the gift card is created/cancelled, the page is redirected to that URL.
To open the link: Click here
I gave amF2Y
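A defensive counterpart to the flow described above, as an added example that is not from the original post and is not Amazon's code: decode the base64 url parameter on the server and redirect only to an absolute https URL on an allowlisted host, which rejects script-bearing schemes such as javascript: as well as off-site targets. The function name, the host allowlist, the fallback URL and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example (Node.js): validate a base64-encoded redirect target.
// ALLOWED_HOSTS, FALLBACK and safeRedirectTarget are hypothetical names.
const ALLOWED_HOSTS = new Set(["www.example.com", "pay.example.com"]);
const FALLBACK = "https://www.example.com/";

function safeRedirectTarget(encoded) {
  if (typeof encoded !== "string" || encoded.length === 0 || encoded.length > 2048) {
    return FALLBACK;
  }
  // Buffer.from() silently skips characters outside the base64 alphabet,
  // so enforce the alphabet (standard or URL-safe) before decoding.
  if (!/^[A-Za-z0-9+/_-]+={0,2}$/.test(encoded)) return FALLBACK;
  const decoded = Buffer.from(encoded, "base64").toString("utf8");

  // Control characters, whitespace and backslashes are normalised differently
  // by browsers and parsers; refuse them instead of guessing.
  if (/[\u0000-\u0020\u007f\\]/.test(decoded)) return FALLBACK;

  let target;
  try {
    target = new URL(decoded); // absolute URLs only; relative input throws
  } catch {
    return FALLBACK;
  }
  if (target.protocol !== "https:") return FALLBACK;          // no javascript:, data:, http:
  if (target.username || target.password) return FALLBACK;    // no user@host tricks
  if (!ALLOWED_HOSTS.has(target.hostname)) return FALLBACK;   // no off-site redirects
  return target.href;
}

// Constructed sample inputs, encoded the way the page describes the parameter.
const enc = (s) => Buffer.from(s, "utf8").toString("base64");

function demo() {
  return [
    "https://www.example.com/gc/thanks?id=1",    // allowed
    "javascript:void(0)",                        // script scheme: rejected
    "https://evil.example.net/",                 // foreign host: rejected
    "https://www.example.com@evil.example.net/", // userinfo confusion: rejected
    "/gc/thanks",                                // relative: rejected
  ].map((u) => safeRedirectTarget(enc(u)));
}

console.log(demo());
```

The check runs on the decoded value, after decoding and before the redirect is issued, so the encoding layer cannot hide the scheme or host from the filter.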
I reported this bug to Amazon on 11th Feb 2016, and it was fixed on 16th Feb 2016. Unfortunately, Amazon does not give any bounty for security vulnerabilities. 🙁
Mail confirmation from Amazon: