TikiWiki is vulnerable to a cross-site scripting attack when a malicious user supplies a specially crafted URL to the tiki-view_faq.php script. This vulnerability is due to insufficient sanitization of user-supplied input to the 'faqId' parameter. An attacker can exploit this vulnerability to execute arbitrary HTML and script code in a user's browser in the context of the affected site.