To complete this challenge, you need to identify locations in code where cross-site scripting is possible. Navigate to the Built-In XSS Protections Challenge tab within the Cross-site Scripting (XSS) application. You will see text output corresponding to merge fields in the Visualforce code. Locate any usage of the merge field "{!sampleMergeField}". Edit the code comment beneath the merge field to indicate whether or not this code block is vulnerable to cross-site scripting. For instance:
-If the code is vulnerable, the comment should appear as <!-- Line 10 is vulnerable to XSS: YES -- >
-If the code is not vulnerable, the comment should appear as <!-- Line 10 is vulnerable to XSS: NO -- >

I am getting following error
Challenge Not yet complete... here's what's wrong:
Looks like you incorrectly identified some potential cross-site scripting vectors. Please try again.

Please help me to complete this challenge