I recently found an XSS in Pinterest developer website. It only took 2 days for Pinterest to fix it. At first glance, Pinterest told me that it is self-xss but I sent further info and realized it is a reflected xss and that it is eligible for a bounty.
Steps to reproduce:
1. Go to developers.pinterest.com
2. then go to widget builder
3. In the custom image enter the payload
4. XSS pop-up