R-XSS Leading CSRF Bypass to Account Takeover
I was testing a web application and going through error parameters when I found a reflected XSS.
http://Redact/Redact.EXT?errorMsg={Vulnerable-Endpoint}
I did not think to find an R-XSS was the
thenittam.hashnode.dev