11Ara
XSS chained with CSRF = Stored XSS?
I have recently heard that XSS + CSRF = stored XSS. I didn't think too much about it at the time, but now it's bugging me, because it doesn't make too much sense.
I would say that it can stand true, if the XSS was "self-stored XSS" for which CSRF is used to get rid of the "self" part.
Other than that, I don't see any other potential way for the aforementioned equation to be true. Is there another case that I miss?
