以下是页面截图中的关键漏洞信息,使用简洁的Markdown格式整理: --- Title: MediaCrush 1.0 Improper Neutralization of HTTP Headers for Scripting Syntax Description: An application-controlled Host header is read and trusted in mediacrush/paths.py via request.headers["Host"].strip(). An attacker who can send arbitrary HTTP requests can control that value. This may allow generation of attacker-controlled absolute URLs, cache poisoning, password-reset link manipulation, and other Host header attacks. Source:  User: lakshay12311 (UID 91298) Submission Date: 11/09/2025 06:47 PM Moderation Date: 11/30/2025 03:04 PM Status: Accepted VulDB Entry: 333813 [MediaCrush 1.0.0/1.0.1 Header /mediacrush/paths.py Host http headers for scripting syntax] Points: 19