RichText parser vulnerability in scheduled posts allows XSS