XSS with -prompt`1`-

I was looking for xss vulnerabilities in a bitcoin exchange and came across a url like:

https://www.xyz.com/en/buy-crypto?cur=USD&cry=BTC&amount=500&ref=123456 

I tried the standard cheat sheet to check for vulns in the ‘amount’ parameter, which was being directly displayed in the webpage. But it had heavy WAF of cloudfare and I kept getting a 403 error. Now I modified it as :

https://www.xyz.com/en/buy-crypto?cur=USD&cry=BTC&amount=-prompt`1`-&ref=123456 

Now, I was able to make the content of ‘amount’ columns as -prompt1-. But I can’t make a pop-up appear. Is this page vulnerable to xss? How to exploit it?