It was much easier than before, Just append a malicious payload “><script/k/>alert(113)</script/k/> to parameter.
Few weeks after reporting this issue to amazon security team, I got a reply that issue has been resolved and to verify it again. On further testing I could easily bypass the fix using payload “-confirm(1)-”.
Thanks for reading. Hope will get time to write some more posts.