There exist a reflected XSS in /interface/forms/eye_mag/js/eye_base.php in the ‘providerID’ parameter.
http://openemr.local/interface/forms/eye_mag/js/eye_base.php?providerID=%3Cimg%20src=x%20onerror=alert(1);%3E
properly sanitize the providerID parameter.