I recently found a XSS bug Amazon Gift card creation flow, I am going to explain how it works.
Below is the URL is for creating Amazon Gift card.
urlparameter is the base64 encoded URL. Once the gift card is created/cancelled, then the page is is redirected to the url
To open the link : Click here
I reported this bug to amazon on 11th Feb 2016, and it was fixed on 16th Feb 2016. Unfortunately, Amazon does not give any bounty for security vulnerabilities.
Mail confirmation from amazon: