Missing User Warnings
Medium
- Confidence
- 99% confidence
- Finding
- The script sends the AviationStack API key and route query parameters to the API over plain HTTP, which exposes them to interception or modification by any attacker on the network path. Because the key is placed directly in the URL query string, it is additionally more likely to be logged by proxies, gateways, or client tooling, increasing credential exposure risk.
