Unsanitised Issue URL leaking into document.title

Ijtaba Hussain
March 6, 2019

Visiting a link such as the one below will result in me reaching the correct ticket (IC-6948), which suggests the input is being sanitised. However, the window title (JavaScript document.title) is set to the full unsanitised input from the URL window:

https://my.jira.instance/browse/IC-6948%3C%2Ftitle%3E%3Cscript%20type%3D%22text%2Fjavascript%22%3Ealert(%22hellow%22)%3C%2Fscript%3E

This has been tested with the version below:
Atlassian JIRA Project Management Software (v7.6.4#76006-sha1:ca83f0e) 

I've attempted to do an XSS (Cross Site Scripting) attack with this, but I wasn't successful in closing the <head><title> tag, which I need to do before I can open a script tag in order to inject further input into the HTML page.

1 answer

0 votes
Ijtaba Hussain
March 6, 2019

Unsanitised Issue URL leaking into document.title.png

Screenshot attached
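
The reflection discussed in this thread, as an added example that is not part of the original posts and is not Jira's code: a hypothetical `/browse/<key>` handler written three ways, showing that a URL segment reflected into `<title>` stays inert text once it is HTML-encoded, and how to avoid reflecting it at all. The function names, the `Tracker` title suffix and the issue-key pattern are assumptions.

```javascript
// Added example: a hypothetical /browse/<key> handler, not Jira's code.
// Assumed key shape: uppercase project key, dash, issue number (e.g. IC-6948).
const ISSUE_KEY = /^[A-Z][A-Z0-9_]*-[1-9][0-9]*$/;
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the characters that can end a text node or an attribute value.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Percent-decode the single path segment after /browse/; null if absent or malformed.
function browseSegment(url) {
  const m = /^\/browse\/([^/]+)\/?$/.exec(new URL(url).pathname);
  if (!m) return null;
  try {
    return decodeURIComponent(m[1]);
  } catch (e) {
    return null;
  }
}

// Weak: the decoded segment goes into the markup as-is.
function titleRaw(url) {
  return `<title>[${browseSegment(url)}] - Tracker</title>`;
}

// Output encoding: the whole input still shows in the title, but only as text.
function titleEscaped(url) {
  return `<title>[${escapeHtml(browseSegment(url))}] - Tracker</title>`;
}

// Strict: the segment must be exactly an issue key, and only that key is reflected.
function titleCanonical(url) {
  const seg = browseSegment(url);
  if (seg === null || !ISSUE_KEY.test(seg)) {
    return { status: 404, title: "<title>Not found - Tracker</title>" };
  }
  return { status: 200, title: `<title>[${escapeHtml(seg)}] - Tracker</title>` };
}

// The URL from the post (host is the poster's placeholder) and a clean one.
const REPORTED = "https://my.jira.instance/browse/IC-6948%3C%2Ftitle%3E%3Cscript%20type%3D%22text%2Fjavascript%22%3Ealert(%22hellow%22)%3C%2Fscript%3E";
const CLEAN = "https://my.jira.instance/browse/IC-6948";
```

With `titleEscaped` the title text still carries whatever the link author typed, which is why `titleCanonical` rejects any segment that is not exactly an issue key.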
