I am currently using Jira 6.1. And the issue is related to the Jira announcement banner. While editing/adding the announcement banner i tried to inject a script like <script>window.location.href='www.somesite'</script>. By doing so, after logging in to Jira , it redirected to the particular site. Therefore i came to know that the application allows scripts to inject and I want to prevent/avoid this. In my case it is open redirection issue. Need help on this!!