A simple student account and you can execute the XSS. You will put the code onto the discussion board in a post form. There is why Blackboard released first a patch and then an upgrade. Those vulnerabilities were found around the first semester of 2006. So there wasn't version 7.0 at that time. Now, I asked blackboard to send me a version of the new upgrade, so I could test it out. I'm still waiting for ther response.