diff --git a/frontend/src/app/adminui/edituser/edituser.component.html b/frontend/src/app/adminui/edituser/edituser.component.html
index 88c2ec1..6d6399b 100644
--- a/frontend/src/app/adminui/edituser/edituser.component.html
+++ b/frontend/src/app/adminui/edituser/edituser.component.html
@@ -29,7 +29,7 @@
         Confirm new password
       </label>
       <input class="input w-full shadow text-center" id="password3" type="password" placeholder="********" name="newPasswordConfirm"
-      [(ngModel)]="confirmPassword">
+      [(ngModel)]="confirmNewPassword">
     </div>
 
     <div class="modal-action">
diff --git a/frontend/src/app/adminui/edituser/edituser.component.ts b/frontend/src/app/adminui/edituser/edituser.component.ts
index d3eec46..56ac7a7 100644
--- a/frontend/src/app/adminui/edituser/edituser.component.ts
+++ b/frontend/src/app/adminui/edituser/edituser.component.ts
@@ -19,13 +19,13 @@ export class EdituserComponent {
   username: string = "";
   originalPassword: string = "";
   newPassword: string = "";
-  confirmPassword: string = "";
+  confirmNewPassword: string = "";
 
   constructor(private developmentStore: DevelopmentStore, private authStore: AuthStore) {}
 
   async saveUser() {
 
-    if(this.newPassword !== this.confirmPassword) {
+    if(this.newPassword !== this.confirmNewPassword) {
       alert("New password and confirm password do not match");
       return;
     }
@@ -33,16 +33,17 @@ export class EdituserComponent {
     try {
       const response = await axios({
         method: 'post',
-        url: this.developmentStore.getBaseUrl() + 'api/v1/secure/user/update',
+        url: this.developmentStore.getBaseUrl() + 'api/v1/secure/users',
         headers: {
           'Content-Type': 'application/json',
           'Authorization': 'Bearer ' + await firstValueFrom(this.authStore.token$)
         },
         data: {
+          originalUsername: this.parsedUsername,
           username: this.username,
           originalPassword: this.originalPassword,
           newPassword: this.newPassword,
-          confirmPassword: this.confirmPassword
+          newPasswordConfirm: this.confirmNewPassword
         }
       });
       // TODO: Implement backend logic for this
diff --git a/src/main/java/de/w665/sharepulse/config/CorsConfig.java b/src/main/java/de/w665/sharepulse/config/CorsConfig.java
index 37f5971..09468b7 100644
--- a/src/main/java/de/w665/sharepulse/config/CorsConfig.java
+++ b/src/main/java/de/w665/sharepulse/config/CorsConfig.java
@@ -17,6 +17,7 @@ public class CorsConfig implements WebMvcConfigurer {
         registry.addMapping("/api/v1/**")
                 .allowedOrigins("*")
                 .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
-                .allowedHeaders("*");
+                .allowedHeaders("*")
+                .maxAge(3600);
     }
 }
diff --git a/src/main/java/de/w665/sharepulse/db/repo/UserRepository.java b/src/main/java/de/w665/sharepulse/db/repo/UserRepository.java
index 5aaf6db..485e66d 100644
--- a/src/main/java/de/w665/sharepulse/db/repo/UserRepository.java
+++ b/src/main/java/de/w665/sharepulse/db/repo/UserRepository.java
@@ -40,6 +40,21 @@ public class UserRepository {
                 .run(connection);
     }
 
+    public void updateUser(User user) {
+        r.db(config.getDatabase()).table("users")
+                .filter(r.hashMap("username", user.getUsername()))
+                .update(user)
+                .run(connection);
+    }
+
+    // If username is changed, this method must be used. Else the user will not be found
+    public void updateUser(User user, String originalUsername) {
+        r.db(config.getDatabase()).table("users")
+                .filter(r.hashMap("username", originalUsername))
+                .update(user)
+                .run(connection);
+    }
+
     public void insertUser(User user) {
         r.db(config.getDatabase()).table("users").insert(user).run(connection);
     }
diff --git a/src/main/java/de/w665/sharepulse/rest/mappings/Administration.java b/src/main/java/de/w665/sharepulse/rest/mappings/Administration.java
index 208b496..378107e 100644
--- a/src/main/java/de/w665/sharepulse/rest/mappings/Administration.java
+++ b/src/main/java/de/w665/sharepulse/rest/mappings/Administration.java
@@ -5,14 +5,13 @@ import de.w665.sharepulse.db.repo.UserRepository;
 import de.w665.sharepulse.model.FileUpload;
 import de.w665.sharepulse.model.User;
 import de.w665.sharepulse.rest.SecureApiRestController;
+import de.w665.sharepulse.rest.ro.UserEditRequest;
 import de.w665.sharepulse.service.AuthenticationService;
 import de.w665.sharepulse.service.FileCleanupService;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.DeleteMapping;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 
 import java.util.HashMap;
 import java.util.List;
@@ -56,6 +55,25 @@ public class Administration extends SecureApiRestController {
         return ResponseEntity.ok(response);
     }
 
+    @PostMapping("/users")
+    public ResponseEntity<Object> updateUser(@RequestBody UserEditRequest userEditRequest, HttpServletRequest request) {
+        Optional<User> optionalUser = userRepository.retrieveUserByUsername(userEditRequest.getOriginalUsername());
+        if(optionalUser.isEmpty()) {
+            return ResponseEntity.badRequest().body("User not found");
+        } else if (!userEditRequest.getNewPassword().equals(userEditRequest.getNewPasswordConfirm())) {
+            return ResponseEntity.badRequest().body("Passwords do not match");
+        } else if(userEditRequest.getNewPassword().length() < 4) {
+            return ResponseEntity.badRequest().body("Password too short. Must be at least 4 characters.");
+        }
+        User user = optionalUser.get();
+        user.setPassword(authenticationService.encodePassword(userEditRequest.getNewPassword()));
+        user.setUsername(userEditRequest.getUsername());
+        userRepository.updateUser(user, userEditRequest.getOriginalUsername());
+        // Clear password before returning
+        user.setPassword(null);
+        return ResponseEntity.ok(user);
+    }
+
     @DeleteMapping("/files")
     public ResponseEntity<Object> deleteFiles(HttpServletRequest request) {
         List<FileUpload> files = fileCleanupService.deleteFiles();
diff --git a/src/main/java/de/w665/sharepulse/rest/ro/UserEditRequest.java b/src/main/java/de/w665/sharepulse/rest/ro/UserEditRequest.java
new file mode 100644
index 0000000..7e2838c
--- /dev/null
+++ b/src/main/java/de/w665/sharepulse/rest/ro/UserEditRequest.java
@@ -0,0 +1,16 @@
+package de.w665.sharepulse.rest.ro;
+
+import lombok.*;
+
+@NoArgsConstructor
+@Getter
+@Setter
+@ToString
+public class UserEditRequest {
+    private String originalUsername;
+    private String username;
+    private String originalPassword;
+    private String newPassword;
+    private String newPasswordConfirm;
+    private String email; // E-Mail is not implemented into frontend yet
+}
diff --git a/src/main/java/de/w665/sharepulse/service/AuthenticationService.java b/src/main/java/de/w665/sharepulse/service/AuthenticationService.java
index e44949c..c620166 100644
--- a/src/main/java/de/w665/sharepulse/service/AuthenticationService.java
+++ b/src/main/java/de/w665/sharepulse/service/AuthenticationService.java
@@ -99,4 +99,8 @@ public class AuthenticationService {
             return null;
         }
     }
+
+    public String encodePassword(String password) {
+        return passwordEncoder.encode(password);
+    }
 }