XSS user_comment = get_user_last_comment() code example

Example: javascript image xss

<img src='#' onerror=alert(1) />