actually I managed to reproduce it on your demo site as well. On
demos.affiliatefeeds.nl/shop/kleding.html
search for %22%3ETEST%3Cimg%20src=a%20onerror=alert%28document.cookie%29%3E
or
>TEST<img src=a onerror=alert(document.cookie)>
I am not very familiar with XSS techniques and shit, so I'm not really sure if it is indeed an XSS isuue. However this search does add html on the page and on firefox it does open a popup with the cookie details.
I imagine if any1 were to send some1 to your site using a link containing such a search, then he would be able to do all kinds of shit on the visitor with your server's blessing.
I managed to avoid this behavior by changing the components/com_datafeeds/helpers/helpers.php line 161 (joomla 3.4 by the way) from
foreach ( explode('>',$q) as $v ) {
to
str_replace(array('>','<'),'some character combination',$q);
foreach ( explode('some character combination',$q) as $v ) {
however I'm not really sure this is ok