Oftentimes, when we as penetration testers describe XSS to our clients or to developers, we focus on the defacement and phishing/information-theft aspects of its impact and overlook the fact that an attacker can also use it to forge requests with the victim's session, performing any action available to the victim within the application.
In this recipe, we will illustrate this situation using an XSS attack to forge a request that is protected with an anti-CSRF token.
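To make the distinction concrete before the recipe steps, the following added example (not part of the original recipe, and not the book's code) models, in Python, why an anti-CSRF token stops a classic cross-origin forgery but not a request issued by script running inside the application's own origin. The `BankApp` class, its `/transfer` form, the `alice` session and the injected marker string are all constructed for this example; the "browser" is reduced to two rules: an unencoded `<script>` element in the response executes in the app's origin, and a page from another origin cannot be read. The example also shows the control that actually addresses the problem here, HTML-encoding of the injection point.

```python
import html
import re
import secrets
from typing import Optional


class BankApp:
    """Toy single-origin web app (constructed for this example).

    Every session gets a per-session anti-CSRF token that is embedded in the
    page's transfer form and must accompany any transfer request.
    """

    def __init__(self, escape_output: bool = True):
        self.escape_output = escape_output  # the XSS control: HTML-encode user input
        self.sessions = {}                  # session id -> {"user": ..., "csrf": ...}
        self.transfers = []

    def login(self, user: str) -> str:
        sid = secrets.token_hex(8)
        self.sessions[sid] = {"user": user, "csrf": secrets.token_hex(16)}
        return sid

    def render_profile(self, sid: str, display_name: str) -> str:
        """Profile page; display_name is user-controlled (the injection point)."""
        s = self.sessions[sid]
        name = html.escape(display_name) if self.escape_output else display_name
        return (f"<p>Hello {name}</p>"
                f'<form action="/transfer"><input name="csrf" value="{s["csrf"]}"></form>')

    def transfer(self, sid: str, csrf: Optional[str], amount: int) -> str:
        """Anti-CSRF check: accepted only with the session's own token."""
        s = self.sessions.get(sid)
        if s is None or csrf is None or not secrets.compare_digest(csrf, s["csrf"]):
            return "rejected"
        self.transfers.append((s["user"], amount))
        return "ok"


def browser_executes_script(rendered: str) -> bool:
    # Browser model: an unencoded <script> element in the response runs in the
    # application's origin; an encoded one (&lt;script&gt;) is inert text.
    return "<script>" in rendered


def token_visible_in_page(rendered: str) -> Optional[str]:
    # Script in the page's own origin can read the DOM, token included.
    m = re.search(r'name="csrf" value="([0-9a-f]+)"', rendered)
    return m.group(1) if m else None


def cross_origin_forgery(app: BankApp, victim_sid: str) -> str:
    # Classic CSRF from a third-party site: the browser attaches the victim's
    # session, but the same-origin policy keeps the bank page (and its token)
    # unreadable, so the forged request carries no valid token.
    return app.transfer(victim_sid, None, 100)


def same_origin_script(app: BankApp, victim_sid: str, injected: str) -> str:
    # Script running inside the application's origin: if it executes at all it
    # shares the victim's session and can read the page, so the anti-CSRF
    # token offers no protection against it. Only preventing execution helps.
    rendered = app.render_profile(victim_sid, injected)
    if not browser_executes_script(rendered):
        return "no script executed"
    return app.transfer(victim_sid, token_visible_in_page(rendered), 100)


def evaluate_controls(escape_output: bool) -> dict:
    """Outcome of both scenarios with output encoding on or off."""
    app = BankApp(escape_output=escape_output)
    sid = app.login("alice")
    injected = "<script>/* attacker-controlled content */</script>"  # constructed marker
    return {
        "cross_origin_forgery": cross_origin_forgery(app, sid),
        "same_origin_script": same_origin_script(app, sid, injected),
    }


if __name__ == "__main__":
    print("with output encoding   :", evaluate_controls(True))
    print("without output encoding:", evaluate_controls(False))
```

The token rejects the cross-origin forgery in both runs, which is exactly what it is designed for; the same-origin script is stopped only by the output encoding in `render_profile`. That is the point to make to developers: an anti-CSRF token is not a defence against XSS, so the XSS finding has to be fixed on its own terms (encoding, a strict Content-Security-Policy) rather than being rated as low impact because "the forms are token-protected".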