Issue reminder templates allows Jira Administrators to insert script.
This may cause XSS attacks by Jira Admins. But Jira by design allows Administrators to embed scripts in various places:
Description of custom fields
But we will fix this because ability to add script to message template is not a useful feature.