I recently found a XSS bug in Microsoft payments page. Initially I thought, it was only a simple URL redirection bug and reported the same. Then I realized that it is a XSS bug.
Below is the URL.
Unfortunately, this URL is not part of Microsoft bug bounty program. But they listed my name in the March month
Microsoft Hall of fame security researchers page.
I reported the bug on March 12th and it was fixed on April 4th 2016. Watch the below video explains more about the bug.