I checked into it and I cannot reproduce any problem, e.g. http://www.question2answer.org/qa/search?q=%3Ci%3Etest%3C/i%3E
Can you PM me with some more details about this? For example your client's site and how you accomplish the XSS?
Update: thanks for the PM. This is not a problem with Q2A because the search term is escaped for output, in qa-include/pages/search.php line 84:
$qa_content['title']=qa_lang_html_sub('main/results_for_x', qa_html($inquery));
So it sounds like you have modified that file in some way, to remove the security.