So the browser handles data, user trusts the registration form is not a scam. Site B trusts the cookies/authinfo and applies the changes requested by the OP at Webserver A. == XSS.

No, you still haven't described an XSS attack, so I'm guessing you still haven't read that article. And as you're only quoting the second sentence of the CSRF article, I'm guessing you haven't read the rest of that, either. I suggest you do so before continuing the discussion.