Unknown · Instantcms · CVE-2024-31213
**Name of the Vulnerable Software and Affected Versions**
InstantCMS version 2.16.2
**Description**
An open redirect was found in the ICMS2 application in the redirect that follows modification of one's own user profile. An attacker could trick a victim into visiting the attacker's web application while the victim believes they are still on the ICMS2 application. The attacker could then host a page stating "To update your profile, please enter your password," upon which the user may type their password and send it to the attacker.
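A server-side check of the kind that closes this class of bug, added here as an example and not taken from InstantCMS: the post-update handler honours a requested return target only if it resolves to the site's own origin, and otherwise falls back to a fixed profile path. The origin, paths and helper names are assumptions constructed for the example; it covers absolute, protocol-relative, backslash and userinfo variants, not only the plain case.

```python
from urllib.parse import urljoin, urlsplit

# Hypothetical origin of the CMS instance (constructed for this example).
SITE_ORIGIN = "https://cms.example.test"

def is_safe_redirect(target: str, origin: str = SITE_ORIGIN) -> bool:
    """Return True only if `target` resolves to a page on `origin`."""
    if not target:
        return False
    # Browsers treat "\" as "/" in URLs, so "/\evil.test" would be parsed
    # here as a relative path but sent by the browser to evil.test.
    candidate = target.replace("\\", "/")
    # Whitespace and control characters can hide a scheme from naive checks.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in candidate):
        return False
    # Resolve relative targets against the site, then compare origins.
    resolved = urlsplit(urljoin(origin + "/", candidate))
    base = urlsplit(origin)
    # netloc includes any "user@" prefix and port, so "site@evil.test"
    # and a different port both fail this comparison.
    return (resolved.scheme == base.scheme
            and resolved.netloc.lower() == base.netloc.lower())

def post_update_redirect(requested: str, fallback: str = "/users/profile") -> str:
    """Choose the Location header value after a profile update."""
    return requested if is_safe_redirect(requested) else fallback

if __name__ == "__main__":
    for t in ["/users/1/edit", "https://evil.test/login", "//evil.test/login"]:
        print(t, "->", post_update_redirect(t))
```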
**Recommendations**
As a temporary workaround, consider restricting access to the user profile modification feature until a patch is available.
Avoid using the affected version of InstantCMS until a patched version is released.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.