I recently found a XSS bug in Microsoft payments page. Initially I thought, it was only a simple URL redirection bug and reported the same. Then I realized that it is a XSS bug.
Below is the URL.
https://controls.cp.microsoft.com/PaymentInstrument/pcssuccess?auth=true&origin=XXXXXXX&piid=abcd
Unfortunately, this URL is not part of Microsoft bug bounty program. But they listed my name in the March month
Microsoft Hall of fame security researchers page.
I reported the bug on March 12th and it was fixed on April 4th 2016. Watch the below video explains more about the bug.
