The database is open and accessible via http://localhost:8081/h2-console and the default password is .... empty :(
Or log in as an Admin :), that works as well.
Choose a product and replace the productname with
<script>alert(document.cookie);</script>Nog go to the product page of that specifc product.