Can an Intrusion Prevention System (e.g. Snort) prevent CSRF and XSS attacks?

Intrusion Prevention System is a broad term. It basically says only that it is a system to prevent intrusions and does not imply a specific technical implementation. Therefore a variety of systems which somehow had the goal of preventing intrusions were marketed as IPS when the term was hot. Therefore a generic statement about the capabilities of IPS to solve a specific problem cannot be made.

As for systems like Snort or Suricata: these basically try to match patterns in the network traffic using predefined fixed signatures. They are capable of parsing HTTP traffic and doing basic analysis on it. These capabilities can be used to create custom patterns to detect specific and pre-known CSRF and XSS attacks. They are not enough for a more generic approach – simply because such attacks cannot be generically detected with simple string matches and regular expressions in the first place.

Additionally, Suricata and Snort are not capable of analysing HTTPS traffic on their own. This means they must be strategically placed in the network so that they get the unencrypted traffic for analysis.
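The following is an added example that illustrates the answer's point in code; it is not from the answer above or from the Snort/Suricata projects. It mimics what a signature-based IPS does to an HTTP request (bounded percent-decoding, then fixed-pattern matching) and runs it over constructed sample requests. The signatures, the `/search` and `/transfer` endpoints, the `bank.example`/`evil.example` hostnames and the session cookie are all hypothetical, chosen only to show why a pre-known XSS payload is caught while trivially rewritten ones are not, and why a CSRF request offers nothing for content matching to key on.

```python
import re
import urllib.parse

# Constructed signatures written to mirror what the content:/pcre: options of a
# Snort or Suricata rule would carry. They are hypothetical, not ruleset entries.
SIGNATURES = {
    "xss-script-tag": re.compile(r"<script", re.IGNORECASE),
    "xss-javascript-uri": re.compile(r"javascript\s*:", re.IGNORECASE),
}


def normalise(value, rounds=2):
    """Percent-decode a URI a bounded number of times, roughly what an IPS HTTP
    pre-processor does before the signatures are applied."""
    for _ in range(rounds):
        decoded = urllib.parse.unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def match_signatures(raw_uri):
    """Return the sorted names of the signatures that fire on a request URI."""
    text = normalise(raw_uri)
    return sorted(name for name, pat in SIGNATURES.items() if pat.search(text))


# Constructed request URIs: two carry the pre-known '<script' pattern (one of
# them URL-encoded); the other three are working XSS payloads that contain
# neither '<script' nor the literal token 'javascript:'.
XSS_SAMPLES = [
    "/search?q=<script>alert(1)</script>",
    "/search?q=%3Cscript%3Ealert(1)%3C/script%3E",
    "/search?q=<img src=x onerror=alert(1)>",              # event handler attribute
    "/search?q=<svg/onload=alert(1)>",
    '/search?q=<a href="java&#x09;script:alert(1)">x</a>',  # HTML entity splits the token
]


def missed_xss_payloads():
    """Sample URIs on which no signature fires although each is an XSS payload."""
    return [uri for uri in XSS_SAMPLES if not match_signatures(uri)]


# Constructed CSRF scenario: the forged request the victim's browser sends from
# the attacker's page, and the legitimate one sent from the real site. Request
# line, cookie and body are identical; only the Referer header differs, and a
# browser may omit it entirely (Referrer-Policy: no-referrer).
LEGIT_REQUEST = (
    "POST /transfer HTTP/1.1\r\nHost: bank.example\r\n"
    "Referer: https://bank.example/form\r\nCookie: session=abc\r\n\r\n"
    "amount=1000&to=12345"
)
FORGED_REQUEST = (
    "POST /transfer HTTP/1.1\r\nHost: bank.example\r\n"
    "Referer: https://evil.example/\r\nCookie: session=abc\r\n\r\n"
    "amount=1000&to=12345"
)
FORGED_NO_REFERER = (
    "POST /transfer HTTP/1.1\r\nHost: bank.example\r\n"
    "Cookie: session=abc\r\n\r\n"
    "amount=1000&to=12345"
)


def body_of(request):
    return request.split("\r\n\r\n", 1)[1]


def header(request, name):
    """Return the value of the first header called `name`, or None."""
    head = request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:
        key, _, value = line.partition(":")
        if key.strip().lower() == name.lower():
            return value.strip()
    return None


def csrf_bodies_identical():
    """Content matching on the body cannot separate forged from legitimate."""
    return body_of(LEGIT_REQUEST) == body_of(FORGED_REQUEST)


def referer_rule_fires(request):
    """A site-specific rule: alert on POST /transfer whose Referer is not the
    bank's own origin. It works only for this pre-known endpoint, and fails open
    as soon as the browser does not send a Referer at all."""
    if not request.startswith("POST /transfer "):
        return False
    ref = header(request, "Referer")
    return ref is not None and not ref.startswith("https://bank.example/")


if __name__ == "__main__":
    for uri in XSS_SAMPLES:
        print(f"{uri!r:60} -> {match_signatures(uri) or 'no alert'}")
    print("CSRF bodies identical:", csrf_bodies_identical())
    for name, req in [("legit", LEGIT_REQUEST), ("forged", FORGED_REQUEST),
                      ("forged, no Referer", FORGED_NO_REFERER)]:
        print(f"referer rule on {name}: {referer_rule_fires(req)}")
```

The three missed XSS samples are not exotic; they are the first rewrites any attacker tries once a `<script` signature is in place, which is why adding more patterns only chases the last known payload. The Referer rule shows the CSRF side of the same limit: it is tied to one known endpoint and one expected origin, and a request without the header passes it.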